CVE-2024-44843

Published: Apr 15, 2025Modified: Apr 25, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

Exploitability: 1.2 / Impact: 4.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

Affected (1)

Products: Steve Community: Steve

Steve Community

1 product

Steve

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Steve Community Steve	Version 3.7.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (3)

https://gist.github.com/Badranh/94359664799db6d4709871f0c353f476

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/steve-community/steve/blob/master/src/main/java/de/rwth/idsg/steve/ocpp/ws/OcppWebSocketHandshakeHandler.java

Source: cve@mitre.org

Product

https://github.com/steve-community/steve/issues/1546

Source: cve@mitre.org

Issue Tracking

Timeline

No history available yet.