Tano-Coppoletta

**Name of the Vulnerable Software and Affected Versions** SteVe version 3.6.0 **Description** The issue is related to SteVe using predictable transaction ID's when receiving a StartTransaction request. This can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions. The `StartTransaction` request is the endpoint where this issue is observed. **Recommendations** For SteVe version 3.6.0, as a temporary workaround, consider restricting access to the `StartTransaction` request until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dalmann OCPP.Core versions prior to 1.2.0 **Description** An issue was discovered in Dalmann OCPP.Core where it does not validate the length of the `chargePointVendor` field in a "BootNotification" message. This potentially leads to server instability and a denial of service when processing excessively large inputs. The vendor notes that OCPP.Core is intended for use in a protected environment or network. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider implementing input validation for the `chargePointVendor` field in the "BootNotification" message to prevent excessively large inputs from causing server instability.