CVE-2023-49955

7.5 HIGH

📋 TL;DR

This vulnerability in Dalmann OCPP.Core allows attackers to send BootNotification messages whose chargePointVendor field is excessively large, causing server instability and denial of service. It affects electric vehicle charging systems running OCPP.Core before version 1.2.0. The vendor notes that the software is intended for protected environments, but any exposed implementation is vulnerable.

💻 Affected Systems

Products:
  • Dalmann OCPP.Core
Versions: All versions before 1.2.0
Operating Systems: Any OS running OCPP.Core
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable in default configuration; affects OCPP (Open Charge Point Protocol) implementations for electric vehicle charging systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server crash and prolonged denial of service for all connected charging stations, potentially disrupting EV charging operations.

🟠 Likely Case

Server instability causing intermittent service disruptions and degraded performance for charging station communications.

🟢 If Mitigated

Minimal impact if proper input validation and network segmentation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only sending specially crafted BootNotification messages; no authentication is needed to reach the vulnerable field.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.0

Vendor Advisory: https://github.com/dallmann-consulting/OCPP.Core/issues/32

Restart Required: Yes

Instructions:

1. Update OCPP.Core to version 1.2.0 or later
2. Restart the OCPP.Core service
3. Verify the update was successful

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Implement custom input validation for the chargePointVendor field length before processing BootNotification messages.
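A worked illustration of this workaround, added here and not part of the advisory or of the OCPP.Core project: a pre-filter for raw OCPP-J frames that rejects oversized frames before JSON parsing and then enforces per-field length limits on BootNotification payloads. The field limits follow the OCPP 1.6 BootNotification.req definition (CiString20/25/50 types); the 4096-byte frame cap and the sample frames are assumptions constructed for the example.

```python
import json

# Length limits from OCPP 1.6 BootNotification.req (CiString20/25/50 types).
# Assumption: the deployment speaks OCPP 1.6; adjust for other versions.
FIELD_LIMITS = {
    "chargePointVendor": 20, "chargePointModel": 20,
    "chargePointSerialNumber": 25, "chargeBoxSerialNumber": 25,
    "firmwareVersion": 50, "iccid": 20, "imsi": 20,
    "meterType": 25, "meterSerialNumber": 25,
}
REQUIRED = ("chargePointVendor", "chargePointModel")
MAX_FRAME_BYTES = 4096  # assumed cap; a legitimate BootNotification is far smaller
CALL = 2                # OCPP-J MessageTypeId for a request (CALL)


def validate_boot_notification(raw: str) -> tuple[bool, str]:
    """Return (accepted, reason) for one raw OCPP-J frame, checking size then fields."""
    # Cheap byte-length check first, so oversized frames never reach the JSON parser.
    if len(raw.encode("utf-8")) > MAX_FRAME_BYTES:
        return False, f"frame exceeds {MAX_FRAME_BYTES} bytes"
    try:
        msg = json.loads(raw)
    except ValueError:
        return False, "frame is not valid JSON"
    # OCPP-J CALL frames are [2, "<uniqueId>", "<action>", {payload}].
    if not (isinstance(msg, list) and len(msg) == 4 and msg[0] == CALL):
        return False, "not an OCPP-J CALL frame"
    action, payload = msg[2], msg[3]
    if action != "BootNotification":
        return True, "not a BootNotification; no field policy applied here"
    if not isinstance(payload, dict):
        return False, "payload is not an object"
    for field in REQUIRED:
        if field not in payload:
            return False, f"missing required field {field}"
    # Every field must be a known string field within its spec length; unknown
    # fields are rejected so the payload cannot be padded through other keys.
    for field, value in payload.items():
        limit = FIELD_LIMITS.get(field)
        if limit is None:
            return False, f"unexpected field {field}"
        if not isinstance(value, str):
            return False, f"{field} is not a string"
        if len(value) > limit:
            return False, f"{field} length {len(value)} exceeds {limit}"
    return True, "ok"


# Constructed sample frames (not captured traffic).
GOOD_FRAME = json.dumps([CALL, "19223201", "BootNotification",
                         {"chargePointVendor": "ExampleVendor", "chargePointModel": "ModelX"}])
BAD_FRAME = json.dumps([CALL, "19223202", "BootNotification",
                        {"chargePointVendor": "A" * 3000, "chargePointModel": "ModelX"}])
```

Run the filter on each inbound frame before handing it to the OCPP handler and log the rejection reason; the logged reason doubles as the "unusually large BootNotification" indicator listed under Detection & Monitoring.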

Network Segmentation (applies to: all platforms)

Isolate OCPP.Core servers from untrusted networks, as the vendor recommends.

🧯 If You Can't Patch

  • Implement network-level filtering to block oversized OCPP messages
  • Deploy rate limiting on OCPP endpoints to reduce DoS impact

🔍 How to Verify

Check if Vulnerable:

Check OCPP.Core version; if below 1.2.0, the system is vulnerable.

Check Version:

Check application configuration or package manager for OCPP.Core version

Verify Fix Applied:

Confirm OCPP.Core version is 1.2.0 or higher and test with oversized chargePointVendor field.

📡 Detection & Monitoring

Log Indicators:

  • Unusually large BootNotification messages
  • Server crash/restart logs
  • High memory usage alerts

Network Indicators:

  • Oversized OCPP packets
  • Multiple BootNotification requests with large payloads

SIEM Query:

source="ocpp.log" AND message_size>threshold AND command="BootNotification"
