Podatność CVE-2023-49958


Publikacja: 2023-12-07   Modyfikacja: 2023-12-14

Opis:
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.

Typ:

CWE-20

(Improper Input Validation)

Affected software
Dallmann-consulting -> Open charge point protocol 

 Referencje:
https://github.com/dallmann-consulting/OCPP.Core/issues/36

Copyright 2024, cxsecurity.com

 

Back to Top