CVE-2021-34601

Summary

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.

Affected Software

VendorProductVersion RangeStatus
Bender / ebeeCC6125.11.x < 5.11.2affected
Bender / ebeeCC6125.12.x < 5.12.5affected
Bender / ebeeCC6125.13.x < 5.13.2affected
Bender / ebeeCC6125.20.x < 5.20.2affected
Bender / ebeeCC6135.11.x < 5.11.2affected
Bender / ebeeCC6135.12.x < 5.12.5affected
Bender / ebeeCC6135.13.x < 5.13.2affected
Bender / ebeeCC6135.20.x < 5.20.2affected
Bender / ebeeICC15xx5.11.x < 5.11.2affected
Bender / ebeeICC15xx5.12.x < 5.12.5affected
Bender / ebeeICC15xx5.13.x < 5.13.2affected
Bender / ebeeICC15xx5.20.x < 5.20.2affected
Bender / ebeeICC16xx5.11.x < 5.11.2affected
Bender / ebeeICC16xx5.12.x < 5.12.5affected
Bender / ebeeICC16xx5.13.x < 5.13.2affected
Bender / ebeeICC16xx5.20.x < 5.20.2affected

Weaknesses

  • CWE-259: CWE-259 Use of Hard-coded Password

ADP Enrichment

CVE Program Container

Additional References

References