CVE-2021-34602
moderate-risk
Published 2022-04-27
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
Do I need to act?
~
4.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (2)
Cc612 Firmware
Icc15Xx Firmware
Affected Vendors
References (2)
Vendor Advisory
https://cert.vde.com/en/advisories/VDE-2021-047
Vendor Advisory
https://cert.vde.com/en/advisories/VDE-2021-047
45
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
8/34 · Low
Exposure
7/34 · Low