Vulnerability Description
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bender | Cc612 Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc612 | - |
| Bender | Icc15Xx Firmware | >= 5.11.0, < 5.11.2 |
| Bender | Cc613 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2021-047Vendor Advisory
- https://cert.vde.com/en/advisories/VDE-2021-047Vendor Advisory
FAQ
What is CVE-2021-34591?
CVE-2021-34591 is a vulnerability with a CVSS score of 7.8 (HIGH). In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
How severe is CVE-2021-34591?
CVE-2021-34591 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34591?
Check the references section above for vendor advisories and patch information. Affected products include: Bender Cc612 Firmware, Bender Cc612, Bender Icc15Xx Firmware, Bender Cc613.