CVE-2023-49958
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered in Dallmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.
SSVC
- Decision: Attend
Timeline
- 2023-12-03 CVE Reserved
- 2023-12-07 CVE Published
- 2024-10-09 CVE Updated
- 2024-10-09 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
References (1)
URL | Date | SRC |
---|---|---|
https://github.com/dallmann-consulting/OCPP.Core/issues/36 | 2024-10-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dallmann-consulting | Open Charge Point Protocol | <= 1.2.0 | - | Affected |