CVE-2024-44843

Name of the Vulnerable Software and Affected Versions SteVe version 3.7.1

Description The issue lies in the web socket handshake process, allowing attackers to bypass authentication and execute arbitrary commands by supplying crafted OCPP requests.

Recommendations For SteVe version 3.7.1, consider disabling the web socket handshake process until a patch is available to prevent attackers from bypassing authentication. Restrict access to the OCPP request handling module to minimize the risk of exploitation. Avoid using the vulnerable web socket handshake functionality in the affected version until the issue is resolved.