CVE-2021-34601

Bender Charge Controller: Hardcoded Credentials in Charge Controller

CVSS 9.8 CRITICALEPSS 1.0%CWE-259

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Bender / ebee · CC612 Bender / ebee · CC613 Bender / ebee · ICC15xx Bender / ebee · ICC16xx

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert.vde.com/en/advisories/VDE-2021-047