CVE-2026-28230
- EPSS 0.04%
- Veröffentlicht 26.02.2026 22:49:33
- Zuletzt bearbeitet 03.03.2026 19:59:51
SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) witho...
CVE-2024-44843
- EPSS 0.15%
- Veröffentlicht 15.04.2025 00:00:00
- Zuletzt bearbeitet 25.04.2025 16:48:36
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.
CVE-2024-21550
- EPSS 0.09%
- Veröffentlicht 12.08.2024 15:15:19
- Zuletzt bearbeitet 13.08.2024 17:33:13
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via We...
CVE-2024-25407
- EPSS 0.17%
- Veröffentlicht 13.02.2024 01:15:08
- Zuletzt bearbeitet 08.05.2025 19:16:00
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactio...