CVE-2023-49958

Name of the Vulnerable Software and Affected Versions Dalmann OCPP.Core versions 1.2.0 and earlier

Description An issue was discovered in Dalmann OCPP.Core for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.

Recommendations For versions 1.2.0 and earlier, as a temporary workaround, consider restricting the handling of StartTransaction messages to prevent the acceptance of additional or duplicate properties until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.