An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.
References
Link | Resource |
---|---|
https://github.com/dallmann-consulting/OCPP.Core/issues/36 | Exploit Issue Tracking Vendor Advisory |
https://github.com/dallmann-consulting/OCPP.Core/issues/36 | Exploit Issue Tracking Vendor Advisory |
Configurations
History
21 Nov 2024, 08:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/dallmann-consulting/OCPP.Core/issues/36 - Exploit, Issue Tracking, Vendor Advisory |
13 Dec 2023, 13:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:* | |
First Time |
Dallmann-consulting open Charge Point Protocol
Dallmann-consulting |
|
References | () https://github.com/dallmann-consulting/OCPP.Core/issues/36 - Exploit, Issue Tracking, Vendor Advisory |
07 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-07 13:15
Updated : 2024-11-21 08:34
NVD link : CVE-2023-49958
Mitre link : CVE-2023-49958
CVE.ORG link : CVE-2023-49958
JSON object : View
Products Affected
dallmann-consulting
- open_charge_point_protocol
CWE
CWE-20
Improper Input Validation