In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.

2022-04-26 12:00 (CEST) VDE-2021-047  

**BENDER/EBEE: Multiple Charge Controller Vulnerabilities**  
Share: Email | Twitter  

**

Published

**

2022-04-26 12:00 (CEST)

**

Last update

**

2022-04-27 16:46 (CEST)

**Vendor(s)**

Bender GmbH & Co. KG  

**Product(s)**

Article No°

Product Name

Affected Version(s)

CC612

< 5.11.2

CC612

< 5.12.5

CC612

< 5.13.2

CC612

< 5.20.2

CC613

< 5.11.2

CC613

< 5.12.5

CC613

< 5.13.2

CC613

< 5.20.2

ICC15xx

< 5.11.2

ICC15xx

< 5.12.5

ICC15xx

< 5.13.2

ICC15xx

< 5.20.2

ICC16xx

< 5.11.2

ICC16xx

< 5.12.5

ICC16xx

< 5.13.2

ICC16xx

< 5.20.2

**

Summary

**

Bender is publishing this advisory to inform customers about multiple security vulnerabilities in the Charge Controller product families.  
Bender has analysed the weaknesses and determined that the electrical safety of the devices is not concerned. To Benders knowledge, proof-of-concept code or exploits for the weaknesses are not available to the public.  
Bender considers some weaknesses to be critical and thus need to be patched immediately. Therefore, patches are provided as maintenance branch versions 5.11.2, 5.12.5, 5.13.2 and 5.20.2. Future software releases will of course already include these patches.

**

Vulnerabilities

**

**Summary**

_In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may ..._

**Summary**

_In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with ..._

**Weakness**

Direct Request (Forced Browsing) (CWE-425)

**Summary**

_In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is ..._

**Weakness**

Execution with Unnecessary Privileges (CWE-250)

**Summary**

_In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd._

**Summary**

_In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface._

**Weakness**

Cross-site Scripting (XSS) (CWE-79)

**Summary**

_In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed._

**Weakness**

Stack-based Buffer Overflow (CWE-121)

**Summary**

_In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable._

**

Impact

**

The vulnerability allows a malicious entity to bypass credential check and escalate privileges.

**

Solution

**

**Mitigation**

*   restrict network access to the above-mentioned devices 

**Remediation**

*   install latest software update

**

Reported by

**

Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work.  
Bender would also like to thank Qianxin StarV Security Lab, China.  
The issue was coordinated by CERT@VDE.

CVE-2021-34587: VDE-2021-047 | CERT@VDE

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.

CVE-2022-22345: IBM QRadar cross-site scripting CVE-2022-22345 Vulnerability Report

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021

CVE-2021-38919: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.

CVE-2022-28464

What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.

Cybercrime can cause major disruption when it comes to the sustainability and long-term success of companies. Teams want to have robust security but often struggle to meet that objective. It's crucial for security professionals to leverage insights into emerging trends in cybersecurity to pinpoint which vulnerabilities put organizations at the greatest risk, and Cobalt's "State of Pentesting" reports explore how to achieve efficiency to strengthen security.

The "State of Pentesting 2022" surveyed 602 cybersecurity and software development professionals and analyzed data from 2,380 pentests conducted over the course of 2021 to pull key insights that are relevant to security and development teams when it comes to fixing vulnerabilities.

As a result of the data collected, the top five most common vulnerability categories outlined in this year's "State of Pentesting" report include:

1.  Server Security Misconfigurations
2.  Cross-Site Scripting (XSS)
3.  Broken Access Control
4.  Sensitive Data Exposure
5.  Authentication and Sessions

Surprisingly — yet predictably — these vulnerability categories have stayed at the top of the list for at least the last five years in a row. They're also recognizable to those who are familiar with OWASP Top 10 list for Web Application Security Risks.

The majority of these findings are connected to missing configurations, outdated software, and a lack of access management controls — all common and easily preventable security flaws. So, what's holding companies back from preventing well-known security flaws? Why does this come as a surprise?

Because these flaws are common and appear to be less of a major threat, they are often overlooked as teams deal with talent shortages and increased workload. Standing alone, these issues might not cause a lot of concern, but they can build up to create more critical situations that are difficult to tackle and remediate.

Security and development teams need access to more resources and talent to prevent and fix common vulnerabilities in the future. Talent shortages have impacted security programs as teams are struggling to maintain security standards and vulnerabilities are more likely to go undetected and unremedied.

Findings from the "State of Pentesting 2022" point to key strategies organizations can implement for vulnerability management and retention.

1\. **Focus on learning:** Provide the right security training and resources with teams such as the OWASP Top 10 list and the "State of Pentesting" reports_._

2\. **Review your security configurations:** Consistently monitoring access/user matrixes, SSL certificates, software versions, and security headers can help with the top vulnerabilities we see each year. 

3\. **Clearly communicate risk:** It's important to show leadership and team members how insufficient resources and open vulnerabilities of all types can turn into much bigger security problems for the broader organization.

4\. **Outsource to agile vendors:** Find vendors who help you to achieve your security goals, integrate well with your systems, and create the right efficiencies to bring to your workflows.

Security and development teams have clearly been struggling with the same vulnerabilities for five years in a row, and although this can come as a surprise, there are steps teams can take to break the trend.

In addition to these tips for vulnerability management and retention, security assessments like pentesting can be a useful additional resource for development teams to patch vulnerabilities and remediate risk. Pentesting can help defend organizations against vulnerabilities that disrupt the organizational flow, reputation, financial circumstances, and more.  

**About the Author**

    

  
Jay Paz is Cobalt's Senior Director of Delivery. He has more than 12 years of experience in information security and 19+ years of information technology experience, including system analysis, design, and implementation for enterprise-level solutions. At Cobalt, he lays the groundwork for innovation and scale as he oversees operations and day to-day management for Cobalt's pentester community.

5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

CVE-2022-1504

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.

Vulnerability file：\\Application\\Home\\Controller\\MessageController.class.php  
You can see that the xss vulnerability is not filtered here  
![image](https://user-images.githubusercontent.com/90141086/160759521-d5d54d75-31bb-43f4-bdeb-00c0409ae336.png)

Vulnerability to reproduce:  
1、Visit url: http://www.xxx.com/index.php?m=home&c=message&a=add ，use the post method to pass in parameter values，the specific operation screenshots are as follows:  
![image](https://user-images.githubusercontent.com/90141086/160760358-48abc193-e73b-48de-96f2-ae79bfc6fbd0.png)  
2、Access background address: http://www.xxx.com/Admin/Message/index/menuId/132 ，you can see the success popup  
![image](https://user-images.githubusercontent.com/90141086/160761425-81af8df1-93af-4858-9bae-27acb0de5b8c.png)  
Or you can log in to the background, click Extension Tools, and then click Message Management，a popup will appear next  
![image](https://user-images.githubusercontent.com/90141086/160761617-f991e8d9-db61-44b5-b0a8-67163a4c1737.png)

Repair suggestion:  
Use php built-in functions such as htmlspecialchars to filter xss vulnerabilities

CVE-2022-28522: There is a stored xss vulnerability here: /index.php?m=home&c=message&a=add · Issue #5 · jorycn/thinkphp-zcms

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-28450: XSS issue in the "Text" parameter (forums) · Issue #6194 · nopSolutions/nopCommerce

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.

    -----------------------------353170076619137176562598160618
    Content-Disposition: form-data; name="Name"
    
    pentester
    -----------------------------353170076619137176562598160618
    Content-Disposition: form-data; name="Email"
    
    phamtrungtintf1512@gmail.com
    -----------------------------353170076619137176562598160618
    Content-Disposition: form-data; name="Description"
    
    Unrestricted File Upload in Apply for vendor account feature
    -----------------------------353170076619137176562598160618
    Content-Disposition: form-data; name="uploadedFile"; filename="script.html"
    Content-Type: text/html
    
    <h1>Testing upload file by TF1T<img src=x onerror=alert(document.domain)></h1>
    -----------------------------353170076619137176562598160618
    Content-Disposition: form-data; name="apply-vendor"
    
    
    -----------------------------353170076619137176562598160618
    Content-Disposition: form-data; name="__RequestVerificationToken"
    
    CfDJ8PCrMQQMCTdOtvWnrq2WpITJLfTjickNjSm_qcSluUiK-_7c-VbzzTCok-M1duwMopvVKCMTy1GmrmTtQnch6SHfSXemzptzz2nOOP8uW4X6qGD2Z-1lPLct2WQrWDBY1qV5aGgzwe2T_2BneJo-5FzzMeW1b0o9epdkZ_hZpu-4UqN6zwTaxYTx-gFvJBoFaw
    -----------------------------353170076619137176562598160618--

Tag

#xss