Vulnerability Description
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bender | Cc612 Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc612 | - |
| Bender | Cc613 Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Icc613 Firmware | >= 5.12.0, < 5.12.5 |
| Bender | Cc613 | - |
| Bender | Icc15Xx Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Icc15Xx | - |
| Bender | Icc16Xx Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Icc16Xx | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2021-047Vendor Advisory
- https://cert.vde.com/en/advisories/VDE-2021-047Vendor Advisory
FAQ
What is CVE-2021-34589?
CVE-2021-34589 is a vulnerability with a CVSS score of 7.5 (HIGH). In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
How severe is CVE-2021-34589?
CVE-2021-34589 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34589?
Check the references section above for vendor advisories and patch information. Affected products include: Bender Cc612 Firmware, Bender Cc612, Bender Cc613 Firmware, Bender Icc613 Firmware, Bender Cc613.