Home

Description

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

PUBLISHED Reserved 2024-08-21 | Published 2025-04-15 | Updated 2025-04-16 | Assigner mitre

References

github.com/steve-community/steve/issues/1546

github.com/...eve/ocpp/ws/OcppWebSocketHandshakeHandler.java

gist.github.com/Badranh/94359664799db6d4709871f0c353f476

cve.org (CVE-2024-44843)

nvd.nist.gov (CVE-2024-44843)

Download JSON