Gaetano Coppoletta

**Name of the Vulnerable Software and Affected Versions** Dalmann OCPP.Core versions prior to 1.3.0 **Description** An issue was discovered in Dalmann OCPP.Core for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random `transactionId` terminates active transactions. **Recommendations** For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the handling of StopTransaction messages with random `transactionId` values to prevent unauthorized termination of active transactions.

**Name of the Vulnerable Software and Affected Versions** Dalmann OCPP.Core versions prior to 1.3.0 **Description** An issue was discovered in Dalmann OCPP.Core for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same `connectorId` and `idTag`, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. **Recommendations** For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the same `connectorId` and `idTag` for multiple transactions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dalmann OCPP.Core versions 1.2.0 and earlier **Description** An issue was discovered in Dalmann OCPP.Core for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. **Recommendations** For versions 1.2.0 and earlier, as a temporary workaround, consider restricting the handling of StartTransaction messages to prevent the acceptance of additional or duplicate properties until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.