CVE-2023-49958

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 13, 2023

CWE ID 20

Summary

CVE-2023-49958 is a vulnerability affecting Dalmann OCPP.Core versions 1.2.0 and below for Open Charge Point Protocol (OCPP) used in electric vehicles. The issue lies in the server's handling of StartTransaction messages, which may contain duplicate or additional arbitrary properties. The server will only accept the last occurrence of a duplicate property, potentially enabling an attacker to manipulate transaction records or compromise system integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tq_ul9
https://www.cve.org/CVERecord?id=CVE-2023-49958
https://nvd.nist.gov/vuln/detail/CVE-2023-49958

Back to Vulnerability Database

CVE-2023-49958

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations