CVE-2023-49957
Last modified
CVE-2023-49957 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor's perspective is "Imagine you've got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?"
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dallmann-Consulting | Open Charge Point Protocol | < 1.3.0 |
References
- https://github.com/dallmann-consulting/OCPP.Core/issues/35Exploit, Issue Tracking, Vendor Advisory
- https://github.com/dallmann-consulting/OCPP.Core/issues/35Exploit, Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-49957?
How severe is CVE-2023-49957?
How do I fix CVE-2023-49957?
Are you affected by CVE-2023-49957?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST