Steve-Community: >> Steve >> 3.6.0 Security Vulnerabilities
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-12
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-13