Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
In SteVe, any authenticated charger can terminate any other charger's active transaction (missing ownership verification on StopTransaction)
Vulnerability Description
SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches the charger that originally started the transaction. Any authenticated charger can terminate any other charger’s active session across the entire network. The root cause is in OcppServerRepositoryImpl.getTransaction() which queries only by transactionId with no chargeBoxId ownership check. The validator checks that the transaction exists and is not already stopped but never verifies identity. As an attacker controlling a single registered charger I could enumerate sequential transaction IDs and send StopTransaction messages targeting active sessions on every other charger on the network simultaneously. Combined with FINDING-014 (unauthenticated SOAP endpoints), no registered charger is even required — the attack is executable with a single curl command requiring only a known chargeBoxId. Commit 7f169c6c5b36a9c458ec41ce8af581972e5c724e contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
SteVe 访问控制错误漏洞
Vulnerability Description
SteVe是SteVe Community开源的一个开放平台。用于实施、测试和评估电动汽车的新颖想法,例如身份验证协议、充电点预留机制以及电动汽车的商业模式。 SteVe 3.11.0及之前版本存在访问控制错误漏洞,该漏洞源于处理StopTransaction消息时未验证请求充电器与原始启动交易的充电器是否匹配,可能导致任意充电器会话被终止。
CVSS Information
N/A
Vulnerability Type
N/A