PT-2023-31920 · Steve Community · Ocpp-Jaxb

Published

2023-12-26

·

Updated

2024-01-04

·

CVE-2023-52096

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

SteVe Community ocpp-jaxb versions prior to 0.0.8

Description

ocpp-jaxb before 0.0.8 can generate invalid timestamps, for example ones with month 00, in certain situations. One known trigger is a StartTransaction Open Charge Point Protocol (OCPP) message whose timestamp parameter carries the value 1000000 instead of a well-formed date-time. When the receiving application passes such a timestamp to its database, the result can be a SQL exception, and the integrity of the stored transaction records is undermined.

Recommendations

Update ocpp-jaxb to version 0.0.8 or later. Until the update is applied, validate the timestamp parameter of incoming StartTransaction OCPP messages before they are processed, rejecting any value that is not a well-formed date-time with in-range fields, and restrict which clients can reach the vulnerable ocpp-jaxb module to reduce exposure.
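The workaround named in the recommendations, validating the timestamp before the message is processed, as an added example that is not code from SteVe or ocpp-jaxb: a strict check for OCPP-J (JSON) StartTransaction messages that rejects the numeric value 1000000, a month-00 string and anything outside a plausibility window, and answers with a CALLERROR frame instead of letting the value reach the database. Assumptions: OCPP 1.6J CALL and CALLERROR framing with error codes as listed in that version's CALLERROR table, a ten-years-back / one-day-ahead acceptance window chosen here as deployment policy, and constructed sample messages rather than captured traffic.

```python
"""Strict timestamp validation for OCPP-J StartTransaction.req messages.

Added example for this advisory; not code from SteVe or ocpp-jaxb.
Assumed: OCPP 1.6J CALL framing [2, UniqueId, Action, Payload], CALLERROR
framing [4, UniqueId, ErrorCode, ErrorDescription, ErrorDetails], dateTime
as RFC 3339 / ISO 8601 text, and an acceptance window that is deployment
policy rather than protocol.
"""
import json
import re
from datetime import datetime, timedelta, timezone

# RFC 3339 date-time: YYYY-MM-DDTHH:MM:SS[.frac](Z|+HH:MM|-HH:MM). Fixed-width
# and anchored by fullmatch(), so a bare integer such as 1000000 never matches.
_RFC3339 = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(\.\d{1,9})?(Z|[+-]\d{2}:\d{2})"
)
MAX_PAST = timedelta(days=3650)  # assumed policy: accept up to 10 years back
MAX_FUTURE = timedelta(days=1)   # assumed policy: tolerate 1 day of clock skew


class InvalidTimestamp(ValueError):
    """Rejection plus the OCPP-J CALLERROR code it maps to."""

    def __init__(self, code, reason):
        super().__init__(reason)
        self.code = code


def parse_ocpp_timestamp(value, now=None):
    """Return an aware datetime for a valid OCPP dateTime, else raise InvalidTimestamp."""
    # Type check first: the advisory's trigger is the number 1000000, not text.
    if not isinstance(value, str):
        raise InvalidTimestamp("TypeConstraintViolation",
                               f"timestamp must be a string, got {type(value).__name__}")
    m = _RFC3339.fullmatch(value)
    if m is None:
        raise InvalidTimestamp("PropertyConstraintViolation",
                               f"timestamp is not RFC 3339: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    frac, tz = m.group(7), m.group(8)
    micro = int((frac[1:] if frac else "0").ljust(6, "0")[:6])
    if tz == "Z":
        tzinfo = timezone.utc
    else:
        off_h, off_m = int(tz[1:3]), int(tz[4:6])
        if off_h > 23 or off_m > 59:
            raise InvalidTimestamp("PropertyConstraintViolation",
                                   f"timestamp has an invalid UTC offset: {value!r}")
        sign = 1 if tz[0] == "+" else -1
        tzinfo = timezone(sign * timedelta(hours=off_h, minutes=off_m))
    try:
        # The regex only checks digit counts; datetime() rejects month 00,
        # day 32, hour 25 and so on (a :60 leap second is rejected too).
        ts = datetime(y, mo, d, h, mi, s, micro, tzinfo=tzinfo)
    except ValueError as exc:
        raise InvalidTimestamp("PropertyConstraintViolation",
                               f"timestamp field out of range: {value!r} ({exc})") from exc
    now = now if now is not None else datetime.now(timezone.utc)
    if ts < now - MAX_PAST or ts > now + MAX_FUTURE:
        raise InvalidTimestamp("PropertyConstraintViolation",
                               f"timestamp outside the accepted window: {value!r}")
    return ts


def check_start_transaction(raw, now=None):
    """Validate one StartTransaction CALL before it reaches persistence.

    Returns ("ok", timestamp) when the message may be processed, otherwise a
    CALLERROR frame to send back instead of letting the value hit the database.
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return [4, "", "FormationViolation", "message is not valid JSON", {}]
    if not (isinstance(msg, list) and len(msg) == 4 and msg[0] == 2):
        return [4, "", "FormationViolation", "expected an OCPP-J CALL frame", {}]
    _, unique_id, action, payload = msg
    if action != "StartTransaction" or not isinstance(payload, dict):
        return [4, unique_id, "FormationViolation", "expected a StartTransaction payload", {}]
    if "timestamp" not in payload:
        # Spelled as in the OCPP 1.6J CALLERROR table.
        return [4, unique_id, "OccurenceConstraintViolation", "timestamp is required", {}]
    try:
        return ("ok", parse_ocpp_timestamp(payload["timestamp"], now))
    except InvalidTimestamp as exc:
        return [4, unique_id, exc.code, str(exc), {}]


# Constructed sample messages, not captured traffic.
FIXED_NOW = datetime(2023, 12, 26, 12, 0, tzinfo=timezone.utc)
GOOD = '[2,"19223201","StartTransaction",{"connectorId":1,"idTag":"ABC123","meterStart":0,"timestamp":"2023-12-26T10:15:30Z"}]'
NUMERIC = '[2,"19223202","StartTransaction",{"connectorId":1,"idTag":"ABC123","meterStart":0,"timestamp":1000000}]'
MONTH_00 = '[2,"19223203","StartTransaction",{"connectorId":1,"idTag":"ABC123","meterStart":0,"timestamp":"2023-00-26T10:15:30Z"}]'

if __name__ == "__main__":
    for raw in (GOOD, NUMERIC, MONTH_00):
        print(check_start_transaction(raw, FIXED_NOW))
```

The check belongs at the protocol boundary, before any conversion into the application's date type: the type test catches the numeric trigger from the advisory, the anchored pattern plus the datetime constructor catches field values such as month 00 that a lenient converter would pass through, and the window rejects implausible but well-formed dates. The window bounds are a deployment choice and should be tuned to the fleet's clock behaviour.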

Exploit

Fix

Improper input validation (an invalid timestamp causes a SQL exception; this is not SQL injection)

Weakness Enumeration

Related Identifiers

CVE-2023-52096

Affected Products

Ocpp-Jaxb