Discover CVE-2023-49958, a security issue in OCPP for electric vehicles, allowing unauthorized alteration of transaction records and potential impact on system integrity. Learn about the vulnerability and mitigation steps.
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles where the server mishandles StartTransaction messages, potentially leading to unauthorized alteration of transaction records.
Understanding CVE-2023-49958
This CVE involves a vulnerability in Dalmann OCPP.Core that can be exploited to impact system integrity.
What is CVE-2023-49958?
CVE-2023-49958 is a security issue in OCPP (Open Charge Point Protocol) for electric vehicles, allowing unauthorized modification of transaction records.
The Impact of CVE-2023-49958
The vulnerability could be exploited to alter transaction records or compromise system integrity.
Technical Details of CVE-2023-49958
This section provides details about the vulnerability, affected systems, and the exploitation mechanism.
Vulnerability Description
The server mishandles StartTransaction messages that contain additional, arbitrary properties or duplicate properties. When a property is duplicated, the server accepts the last occurrence.
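The following strict parser rejects both message shapes described above. It is an added example, not code from OCPP.Core. It assumes the OCPP 1.6 JSON field set for StartTransaction and the OCPP-J CALL frame layout; the names `parse_start_transaction` and `RejectedMessage` are hypothetical. Python's default `json.loads` also keeps the last occurrence of a duplicate key, which is why the pairs hook is needed.

```python
import json

# StartTransaction.req fields in OCPP 1.6 (assumed version; not stated on the page).
FIELDS = {"connectorId": int, "idTag": str, "meterStart": int,
          "timestamp": str, "reservationId": int}
OPTIONAL = {"reservationId"}


class RejectedMessage(ValueError):
    """Raised when a frame must be refused instead of stored."""


def _no_duplicates(pairs):
    # json.loads passes each object here as (key, value) pairs, so repeated
    # keys are still visible before a dict would silently keep the last one.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise RejectedMessage(f"duplicate property: {key}")
        seen[key] = value
    return seen


def parse_start_transaction(raw):
    """Return the validated payload of an OCPP-J StartTransaction CALL frame."""
    try:
        frame = json.loads(raw, object_pairs_hook=_no_duplicates)
    except json.JSONDecodeError as exc:
        raise RejectedMessage(f"not JSON: {exc}") from exc
    if (not isinstance(frame, list) or len(frame) != 4 or frame[0] != 2
            or frame[2] != "StartTransaction" or not isinstance(frame[3], dict)):
        raise RejectedMessage("not a StartTransaction CALL frame")
    payload = frame[3]
    unknown = set(payload) - set(FIELDS)
    if unknown:
        raise RejectedMessage(f"unexpected properties: {sorted(unknown)}")
    missing = set(FIELDS) - OPTIONAL - set(payload)
    if missing:
        raise RejectedMessage(f"missing properties: {sorted(missing)}")
    for name, value in payload.items():
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, FIELDS[name]):
            raise RejectedMessage(f"wrong type for {name}")
    return payload


# Constructed sample frames (not captured traffic).
GOOD = '[2,"1","StartTransaction",{"connectorId":1,"idTag":"TAG-A","meterStart":0,"timestamp":"2023-12-01T10:00:00Z"}]'
DUPLICATE = '[2,"2","StartTransaction",{"connectorId":1,"idTag":"TAG-A","idTag":"TAG-B","meterStart":0,"timestamp":"2023-12-01T10:00:00Z"}]'
EXTRA = '[2,"3","StartTransaction",{"connectorId":1,"idTag":"TAG-A","meterStart":0,"timestamp":"2023-12-01T10:00:00Z","transactionId":42}]'
```

Rejected frames should be logged with the charge point identity so that repeated attempts show up in monitoring.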
Affected Systems and Versions
Vendor: n/a
Product: n/a
Versions: all versions are affected
Exploitation Mechanism
By sending malicious StartTransaction messages containing additional or duplicate properties, attackers can potentially alter transaction records or disrupt system integrity.
Mitigation and Prevention
Learn how to mitigate the impact of CVE-2023-49958 and prevent future occurrences.
Immediate Steps to Take
Organizations should update to a patched version, implement access controls, and monitor for suspicious activity.
Long-Term Security Practices
Regularly update software, conduct security assessments, and enforce secure coding practices.
Patching and Updates
Monitor for patches from the vendor and apply them promptly to protect systems from exploitation.