CVE-2024-44843 Information

Description

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

Reference

https://gist.github.com/Badranh/94359664799db6d4709871f0c353f476 https://github.com/steve-community/steve/blob/master/src/main/java/de/rwth/idsg/steve/ocpp/ws/OcppWebSocketHandshakeHandler.java https://github.com/steve-community/steve/issues/1546