Lucene search

[email protected]CVE-2023-49957

HistoryDec 07, 2023 - 1:15 p.m.

CVE-2023-49957

2023-12-0713:15:07

[email protected]

web.nvd.nist.gov

dalmann

ocpp

open charge point protocol

electric vehicles

cve-2023-49957

security

transaction management

billing errors

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor’s perspective is “Imagine you’ve got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?”

Affected configurations

NVD

Node

dallmann-consultingopen_charge_point_protocolRange<1.3.0

CPENameOperatorVersion
dallmann-consulting:open_charge_point_protocoldallmann-consulting open charge point protocollt1.3.0

CPE	Name	Operator	Version
dallmann-consulting:open_charge_point_protocol	dallmann-consulting open charge point protocol	lt	1.3.0

References

github.com/dallmann-consulting/OCPP.Core/issues/35

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2023-49957

cvelist1 osv1 prion1 nvd1