add 9 CVEs

Jochen Becker 2022-04-27 17:10:21 +02:00
parent 59a7f39285
commit d9b193c8f8
9 changed files with 1544 additions and 55 deletions


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34587",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Long URL could lead to webserver crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
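Review bot: The `impact.cvss` block rates this record `C:N/I:N/A:L` (5.3), while `problemtype` names CWE-121 and the description says the URL is passed through `sprintf` into a stack variable, so the score reflects a crash only. If the analysis behind VDE-2021-047 established that the overflow cannot go beyond a crash, the description should say so. Otherwise the confidentiality and integrity metrics look understated, and consumers who triage by base score will rank a stack overflow in a network-facing web server too low.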


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Unprotected data export "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
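Review bot: The new `description` value is not a grammatical sentence ("In Bender/ebee Charge Controllers in multiple versions are prone to ...") and ends with `reboot .`, and `TITLE` carries a trailing space. The same opening is repeated in the records for CVE-2021-34589, -34590, -34591, -34592, -34601 and -34602 in this commit. I would write `"Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export."` and trim the title to `"Bender Charge Controller: Unprotected data export"`. The text also stops at "It is empty after reboot" without stating the consequence; one sentence saying that the export is unprotected until a login has set the key would tell operators what to check, assuming that is what the advisory means.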


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: RFID leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
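Review bot: `userInteraction` is `REQUIRED` and `scope` is `CHANGED` in the vector, but the description says the RFID of the last charge event can be read without authentication via the web interface, and it names neither a victim action nor a second component. Either the description should state which user action and which scope boundary the scorer had in mind, or the vector should be re-checked against VDE-2021-047; as written, the 7.4 cannot be justified from the record's own text. `CWE-200` is also the broad class; a more specific entry such as CWE-306 may fit an unauthenticated read, if the advisory supports it.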


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
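Review bot: The vector for this XSS is `S:U/C:N/I:H`, which is unusual for CWE-79: markup stored in configuration values runs in the browser of whoever views them, and that is normally scored with changed scope and some confidentiality impact. If the scorer deliberately limited the impact to the integrity of the displayed page, a short rationale in the description would help; otherwise the 5.7 probably understates the issue. Minor: `HTML Code` should read `HTML code`.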


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Local privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
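Review bot: The list of setuid programs in the description reads `socat, ip udhcpc and ifplugd`, so it is unclear whether `ip udhcpc` is one entry or two. Operators who audit a device image for setuid binaries need the exact names. If these are four separate programs, the sentence should end `via the suid applications socat, ip, udhcpc and ifplugd.`; the capitalisation in `Local privilege Escalation` could be normalised at the same time.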


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Command injection via Web interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
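Review bot: This record and CVE-2021-34602 later in the same commit carry almost the same description (authenticated command injection through web-interface input fields), yet this one is scored `C:N/I:N/A:H` with CWE-77 and the other `C:H/I:H/A:H` with CWE-78. Nothing in the text explains why injected shell commands here would affect availability only. The description should say what limits the impact (for example the privilege of the executing process, if that is the difference), so that the two entries can be told apart and the 6.5 can be justified.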


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Hardcoded Credentials in Charge Controller"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64026"
],
"discovery": "EXTERNAL"
}
}
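Review bot: The description narrows the issue to `CC612 in version 5.20.1 and below`, while `affects.vendor` lists CC612, CC613, ICC15xx and ICC16xx across four firmware branches; one of the two is wrong or incomplete. The text also speaks of hardcoded ssh credentials but gives the impact as administrative access to the web-UI, which leaves open which interface accepts the password. I would align the description with the product list and name the affected service, since that determines what an operator has to restrict until the update is installed.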


@ -1,18 +1,194 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Long URL could lead to webserver crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "<",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "<",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "<",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64027"
],
"discovery": "EXTERNAL"
}
}
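Review bot: `TITLE` is `Bender Charge Controller: Long URL could lead to webserver crash`, identical to the title of CVE-2021-34587, but the description, CWE-78 and the 8.8 vector in this record all describe command injection executed with root privileges. This looks like a copy-and-paste leftover. Something like `"TITLE": "Bender Charge Controller: Command injection with root privileges via Web interface"` would match the body and keep the entry distinct from CVE-2021-34592.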


@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T00:00:00.000Z",
"ID": "CVE-2022-22521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Privilege Escalation in Miele Benchmark Programming Tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Benchmark Programming Tool",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2.71",
"version_value": "1.2.71"
}
]
}
}
]
},
"vendor_name": "Miele"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
}
]
},
"solution": [
{
"lang": "eng",
"value": "A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "As a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.\n"
}
]
}
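Review bot: The description says `versions Prior to 1.2.71`, but `version_data` marks `<=` 1.2.71 as affected and `solution` names 1.2.72 as the fixed release, so 1.2.71 is vulnerable according to two fields and not according to the third. I would change the text to `with versions up to and including 1.2.71`. Separately, the path in `work_around` is written as `C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool`, which decodes to doubled backslashes with a stray space after the separator; `C:\\Miele_Service\\Miele Benchmark Programming Tool` is presumably what was meant. The single `reference_data` entry also has no `name`, unlike the other records in this commit.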