CVE-2023-49957

7.5 HIGH

📋 TL;DR

OCPP.Core is the central-system side of OCPP: charge points send it StartTransaction.req and it answers with a transactionId and an idTagInfo.status. Versions before 1.3.0 accept a StartTransaction for a connector and account token (idTag) that already have an open transaction and hand out a fresh transactionId, instead of answering with status ConcurrentTx as OCPP 1.6 expects. The result is overlapping transactions for the same connector and token, which breaks billing and transaction management for operators running OCPP.Core before 1.3.0.

💻 Affected Systems

Products:
  • Dalmann OCPP.Core
Versions: All versions before 1.3.0
Operating Systems: Any OS running OCPP.Core
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using OCPP (Open Charge Point Protocol) for electric vehicle charging management.

📦 What is this software?

OCPP.Core is an open-source OCPP central system (the server side that charge points connect to over WebSocket) written in .NET Core, with a web management UI. It is published on GitHub under dallmann-consulting; see the repository linked under Vendor Advisory below.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical billing discrepancies where users are charged incorrectly or not at all for multiple concurrent charging sessions, potentially leading to significant financial losses for charging operators.

🟠 Likely Case

Billing errors where multiple vehicles charging on the same account/token result in incorrect transaction tracking and invoicing.

🟢 If Mitigated

Minor transaction logging inconsistencies that can be reconciled manually if proper monitoring is in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to send StartTransaction requests to the central system, i.e. a charge point (real, compromised or emulated) that OCPP.Core accepts a connection from; no further trick is needed, because the flaw is in the central system's transaction bookkeeping rather than in authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.0

Vendor Advisory: https://github.com/dallmann-consulting/OCPP.Core/issues/35

Restart Required: Yes

Instructions:

1. Back up the current configuration and database.
2. Update OCPP.Core to version 1.3.0 or later.
3. Restart the OCPP.Core service.
4. Verify transaction handling behaviour (see How to Verify below).

🔧 Temporary Workarounds

Transaction Monitoring and Reconciliation (all platforms)

Implement manual or automated monitoring of charging transactions to detect and reconcile concurrent sessions on the same connector or account token.

🧯 If You Can't Patch

  • Implement strict transaction auditing and reconciliation procedures
  • Deploy network segmentation to isolate charging management systems

🔍 How to Verify

Check if Vulnerable:

Check the OCPP.Core version: if it is below 1.3.0, the system is vulnerable. To confirm behaviourally, connect a test charge point (or an OCPP client emulating one) and send two StartTransaction.req messages with the same connectorId and idTag without a StopTransaction in between; on a vulnerable version both are Accepted and each receives a distinct transactionId.

Check Version:

Check the release tag of the deployed build (OCPP.Core is distributed via GitHub releases) or the version recorded in the OCPP.Core configuration or package manager.

Verify Fix Applied:

After updating to 1.3.0+, repeat the two-request test with the same connectorId and idTag: the first request should be Accepted and subsequent attempts should receive idTagInfo.status ConcurrentTx without a new transaction being opened.
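The exchange described in the TL;DR and in the verification steps above, as an added example that is not OCPP.Core's own code: it builds the OCPP 1.6-J CALL frames a charge point sends for StartTransaction.req, parses the StartTransaction.conf replies, and runs the two-request probe against a toy in-memory central system that can behave either like the vulnerable bookkeeping (always accept) or like the expected ConcurrentTx handling. The toy central system, the probe's idTag value and the timestamps are constructed for the example; the frame and field names follow the OCPP 1.6 JSON specification.

```python
"""OCPP 1.6-J StartTransaction probe for CVE-2023-49957 (added example)."""
import json
from dataclasses import dataclass, field

CALL, CALLRESULT = 2, 3  # OCPP-J MessageTypeId values


def build_start_transaction(unique_id, connector_id, id_tag, meter_start, timestamp):
    """Raw OCPP-J CALL frame for StartTransaction.req, as a charge point sends it."""
    payload = {"connectorId": connector_id, "idTag": id_tag,
               "meterStart": meter_start, "timestamp": timestamp}
    return json.dumps([CALL, unique_id, "StartTransaction", payload])


def classify_conf(raw):
    """Return (transactionId, idTagInfo.status) from a StartTransaction.conf frame."""
    msg_type, _unique_id, payload = json.loads(raw)
    if msg_type != CALLRESULT:
        raise ValueError(f"expected CALLRESULT (3), got message type {msg_type}")
    return payload["transactionId"], payload["idTagInfo"]["status"]


@dataclass
class ToyCentralSystem:
    """Minimal model of a central system (constructed, not OCPP.Core's code).

    enforce_concurrent_tx=False mirrors the pre-1.3.0 behaviour the advisory
    describes: every StartTransaction.req gets a new transactionId.
    """
    enforce_concurrent_tx: bool
    active: dict = field(default_factory=dict)  # transactionId -> (connectorId, idTag)
    next_tx_id: int = 1

    def handle(self, raw):
        msg_type, unique_id, action, payload = json.loads(raw)
        if msg_type != CALL or action != "StartTransaction":
            raise ValueError("toy central system only handles StartTransaction.req")
        connector, id_tag = payload["connectorId"], payload["idTag"]
        # OCPP 1.6: ConcurrentTx means the idTag is already in another transaction;
        # a second open transaction on the same connector is likewise impossible
        # for a real charge point and should not be accepted.
        busy = any(c == connector or t == id_tag for c, t in self.active.values())
        if self.enforce_concurrent_tx and busy:
            # transactionId is a required field of the .conf even on rejection
            return json.dumps([CALLRESULT, unique_id,
                               {"transactionId": 0,
                                "idTagInfo": {"status": "ConcurrentTx"}}])
        tx_id = self.next_tx_id
        self.next_tx_id += 1
        self.active[tx_id] = (connector, id_tag)
        return json.dumps([CALLRESULT, unique_id,
                           {"transactionId": tx_id,
                            "idTagInfo": {"status": "Accepted"}}])


def probe(send):
    """Send two StartTransaction.req for the same connector and idTag.

    `send` maps a raw request frame to the raw response frame (here the toy
    central system; against a live system, the OCPP-J WebSocket round trip).
    Returns "vulnerable" when the second request is Accepted with a new
    transactionId, "fixed" when it is answered with ConcurrentTx.
    """
    id_tag = "04E5F2A1B3C4D5"  # constructed token for the probe
    frames = [build_start_transaction(f"probe-{i}", 1, id_tag, 1000 + i,
                                      f"2024-01-01T10:0{i}:00Z") for i in (0, 1)]
    first = classify_conf(send(frames[0]))
    second = classify_conf(send(frames[1]))
    if first[1] != "Accepted":
        return "inconclusive"  # the token itself was not accepted; nothing to compare
    if second[1] == "ConcurrentTx":
        return "fixed"
    if second[1] == "Accepted" and second[0] != first[0]:
        return "vulnerable"
    return "inconclusive"


if __name__ == "__main__":
    for enforce in (False, True):
        print("enforce ConcurrentTx:", enforce, "->",
              probe(ToyCentralSystem(enforce_concurrent_tx=enforce).handle))
```

Against a real deployment, pass `probe` a function that sends the frame over the charge point's OCPP-J WebSocket connection (subprotocol `ocpp1.6`) and returns the raw CALLRESULT; the classification logic is unchanged. Send a StopTransaction for any transaction the test opened so the probe does not itself leave orphaned sessions in the billing data.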

📡 Detection & Monitoring

Log Indicators:

  • Multiple StartTransaction messages with the same connectorId and idTag within a short timeframe and no StopTransaction in between
  • StartTransaction.conf replies that return Accepted and a new transactionId where ConcurrentTx would be expected

Network Indicators:

  • Multiple OCPP StartTransaction requests for the same connector, or the same idTag on several connectors at once
  • Abnormal transaction duration patterns, such as transactions that never receive a StopTransaction

SIEM Query:

Illustrative Splunk-style query; field names depend on how the OCPP logs are parsed:

source="ocpp.logs" "StartTransaction" | bin _time span=5m | stats count dc(transactionId) AS txs BY _time connectorId idTag | where txs > 1

Time bucketing can split a pair across two 5-minute bins; a stateful rule that tracks open transactions until the matching StopTransaction is more accurate and avoids flagging a legitimate quick restart.
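The two detection rules described above, run over constructed sample log lines, as an added example (the log format is an assumption made for the example, not OCPP.Core's actual log output): `window_duplicates` implements the stateless 5-minute SIEM rule, and `find_concurrent_transactions` implements the stateful rule that only alerts when a StartTransaction is accepted while another transaction on the same connector or for the same idTag is still open. The sample shows both a true concurrent-transaction case and a legitimate stop-and-restart that only the stateless rule flags.

```python
"""Concurrent-transaction detection over OCPP transaction logs (added example)."""
import json
from datetime import datetime, timedelta

# Constructed sample log, one JSON object per line (not real OCPP.Core output).
# 101/102: second StartTransaction accepted on CP-01 connector 1 while 101 is open.
# 103/104: legitimate stop and restart on CP-02 within two minutes.
# Last line: a ConcurrentTx rejection, which opens no transaction.
SAMPLE_LOG = """\
{"ts":"2024-03-04T08:00:00Z","cp":"CP-01","action":"StartTransaction","connectorId":1,"idTag":"TAG-A","transactionId":101,"status":"Accepted"}
{"ts":"2024-03-04T08:00:40Z","cp":"CP-01","action":"StartTransaction","connectorId":1,"idTag":"TAG-A","transactionId":102,"status":"Accepted"}
{"ts":"2024-03-04T08:02:10Z","cp":"CP-02","action":"StartTransaction","connectorId":2,"idTag":"TAG-B","transactionId":103,"status":"Accepted"}
{"ts":"2024-03-04T08:03:00Z","cp":"CP-02","action":"StopTransaction","connectorId":2,"transactionId":103}
{"ts":"2024-03-04T08:04:00Z","cp":"CP-02","action":"StartTransaction","connectorId":2,"idTag":"TAG-B","transactionId":104,"status":"Accepted"}
{"ts":"2024-03-04T08:40:00Z","cp":"CP-03","action":"StartTransaction","connectorId":1,"idTag":"TAG-A","transactionId":0,"status":"ConcurrentTx"}
"""

WINDOW = timedelta(minutes=5)


def parse(lines):
    """Yield log records with the timestamp converted to datetime."""
    for line in lines.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield rec


def _alert(prior, rec):
    return {"cp": rec["cp"], "connectorId": rec["connectorId"], "idTag": rec["idTag"],
            "prior_tx": prior["transactionId"], "new_tx": rec["transactionId"],
            "seconds_between": int((rec["ts"] - prior["ts"]).total_seconds())}


def window_duplicates(lines, window=WINDOW):
    """Stateless rule: two StartTransaction for the same cp/connector/idTag within `window`."""
    last_seen = {}  # (cp, connectorId, idTag) -> previous StartTransaction record
    hits = []
    for rec in parse(lines):
        if rec["action"] != "StartTransaction":
            continue
        key = (rec["cp"], rec["connectorId"], rec["idTag"])
        prior = last_seen.get(key)
        if prior and rec["ts"] - prior["ts"] <= window:
            hits.append(_alert(prior, rec))
        last_seen[key] = rec
    return hits


def find_concurrent_transactions(lines):
    """Stateful rule: an accepted StartTransaction while another transaction is
    still open on the same (cp, connectorId) or for the same idTag."""
    open_by_connector = {}  # (cp, connectorId) -> open StartTransaction record
    open_by_tag = {}        # idTag -> open StartTransaction record
    alerts = []
    for rec in parse(lines):
        if rec["action"] == "StopTransaction":
            # Close whichever open transaction carries this transactionId.
            for table in (open_by_connector, open_by_tag):
                for key in [k for k, v in table.items()
                            if v["transactionId"] == rec["transactionId"]]:
                    del table[key]
            continue
        if rec["action"] != "StartTransaction" or rec.get("status") != "Accepted":
            continue  # rejected requests (e.g. ConcurrentTx) open nothing
        key = (rec["cp"], rec["connectorId"])
        prior = open_by_connector.get(key) or open_by_tag.get(rec["idTag"])
        if prior:
            alerts.append(_alert(prior, rec))
        open_by_connector[key] = rec
        open_by_tag[rec["idTag"]] = rec
    return alerts


if __name__ == "__main__":
    print("stateless 5m rule :", window_duplicates(SAMPLE_LOG))
    print("stateful rule     :", find_concurrent_transactions(SAMPLE_LOG))
```

On the sample, the stateless rule reports both 101/102 and 103/104, while the stateful rule reports only 101/102; the difference is the StopTransaction for 103, which a bucketed SIEM count never sees.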
