An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.
References
Link | Resource |
---|---|
https://github.com/dallmann-consulting/OCPP.Core/issues/36 | Exploit Issue Tracking Vendor Advisory |
Configurations
History
13 Dec 2023, 13:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dallmann-consulting open Charge Point Protocol
Dallmann-consulting |
|
CWE | CWE-20 | |
References | () https://github.com/dallmann-consulting/OCPP.Core/issues/36 - Exploit, Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:* |
07 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-07 13:15
Updated : 2024-10-09 15:35
NVD link : CVE-2023-49958
Mitre link : CVE-2023-49958
CVE.ORG link : CVE-2023-49958
JSON object : View
Products Affected
dallmann-consulting
- open_charge_point_protocol
CWE
CWE-20
Improper Input Validation