Vulnerability Description
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bender | Cc612 Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc612 | - |
| Bender | Icc15Xx Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc613 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2021-047Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2021-047Third Party Advisory
FAQ
What is CVE-2021-34588?
CVE-2021-34588 is a vulnerability with a CVSS score of 8.6 (HIGH). In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
How severe is CVE-2021-34588?
CVE-2021-34588 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34588?
Check the references section above for vendor advisories and patch information. Affected products include: Bender Cc612 Firmware, Bender Cc612, Bender Icc15Xx Firmware, Bender Cc613.