CVE-2021-34602 – Bender Charge Controller: Long URL could lead to webserver crash
https://notcve.org/view.php?id=CVE-2021-34602
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-34601 – Bender Charge Controller: Hardcoded Credentials in Charge Controller
https://notcve.org/view.php?id=CVE-2021-34601
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to hardcoded credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded SSH credentials. An attacker may use the password to gain administrative access to the web UI. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-259: Use of Hard-coded Password • CWE-798: Use of Hard-coded Credentials
CVE-2021-34592 – Bender Charge Controller: Command injection via Web interface
https://notcve.org/view.php?id=CVE-2021-34592
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-34591 – Bender Charge Controller: Local privilege Escalation
https://notcve.org/view.php?id=CVE-2021-34591
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to local privilege escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-250: Execution with Unnecessary Privileges
CVE-2021-34590 – Bender Charge Controller: Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-34590
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to cross-site scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-34589 – Bender Charge Controller: RFID leak
https://notcve.org/view.php?id=CVE-2021-34589
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-34588 – Bender Charge Controller: Unprotected data export
https://notcve.org/view.php?id=CVE-2021-34588
27 Apr 2022 — Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-425: Direct Request ('Forced Browsing')
CVE-2021-34587 – Bender Charge Controller: Long URL could lead to webserver crash
https://notcve.org/view.php?id=CVE-2021-34587
27 Apr 2022 — In Bender/ebee Charge Controllers in multiple versions, a long URL could lead to a webserver crash. The URL is used as input to an sprintf into a stack variable. • https://cert.vde.com/en/advisories/VDE-2021-047 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2019-19885
https://notcve.org/view.php?id=CVE-2019-19885
16 Oct 2020 — In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. • https://cert.vde.com/en-us/advisories/vde-2020-043 • CWE-862: Missing Authorization