CVE-2023-49955
Last modified
CVE-2023-49955 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. EPSS estimates a 0.71% chance of exploitation in the next 30 days.
Description
An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dallmann-Consulting | Open Charge Point Protocol | < 1.2.0 |
References
- https://github.com/dallmann-consulting/OCPP.Core/issues/32Exploit, Issue Tracking, Vendor Advisory
- https://github.com/dallmann-consulting/OCPP.Core/issues/32Exploit, Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-49955?
How severe is CVE-2023-49955?
How do I fix CVE-2023-49955?
Are you affected by CVE-2023-49955?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST