exploitDog

CVE-2023-49958

Опубликовано: 07 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.

Ссылки

https://github.com/dallmann-consulting/OCPP.Core/issues/36
Exploit
Issue Tracking
Vendor Advisory
https://github.com/dallmann-consulting/OCPP.Core/issues/36
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:*

Версия до 1.2.0 (включая)

EPSS

Процентиль: 53%

0.00299

Низкий

7.5 High

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-8mqw-jpwq-w6mr

CVSS3: 7.5

github

около 2 лет назад

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.

EPSS

Процентиль: 53%

0.00299

Низкий

7.5 High

CVSS3

Дефекты

CWE-20