CVE-2023-49955
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."
Timeline
- 2023-12-03 CVE Reserved
- 2023-12-07 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (1)
URL | Date | SRC |
---|---|---|
https://github.com/dallmann-consulting/OCPP.Core/issues/32 | 2024-08-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dallmann-consulting | Open Charge Point Protocol | < 1.2.0 | - | Affected |