Bender Charge Controller: Cross-site Scripting
CVE-2021-34590

5.4MEDIUM

Key Information:

Vendor: Bender / Ebee
Status: Cc612; Cc613; Icc15xx; Icc16xx
Vendor: CVE Published:; 27 April 2022

🔔 Create Bender / Ebee Vulnerability Alert

What is CVE-2021-34590?

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CC612 5.11.x < 5.11.2

CC612 5.12.x < 5.12.5

CC612 5.13.x < 5.13.2

References

https://cert.vde.com/en/advisories/VDE-2021-047

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 27, 2022
Vulnerability Reserved
Jun 10, 2021

Credit

Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.

JSON

Bender / Ebee