CVE-2024-44843

medium

Description

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

References

https://github.com/steve-community/steve/issues/1546

https://github.com/steve-community/steve/blob/master/src/main/java/de/rwth/idsg/steve/ocpp/ws/OcppWebSocketHandshakeHandler.java

https://gist.github.com/Badranh/94359664799db6d4709871f0c353f476

Details

Source: Mitre, NVD

Published: 2025-04-15

Updated: 2025-04-25

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L