CVE-2023-52096

Summary

CVE-2023-52096 is a vulnerability that affects SteVe Community ocpp-jaxb before version 0.0.8. It generates invalid timestamps, such as those with a month of 00, in certain situations. This vulnerability can be exploited when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. The impact of this vulnerability is the potential for a SQL exception in applications and the compromise of transaction record integrity. This vulnerability has a high base severity rating, with a base score of 7.5 and high confidentiality impact. The exploitability score is 3.9, indicating it is relatively easy to exploit, and the attack vector is through the network. No privileges are required for exploitation, and no user interaction is needed. The remediation for this vulnerability would involve upgrading to a version of SteVe Community ocpp-jaxb that is after 0.0.8 when it becomes available. Note: The information provided here is based on the given text and does not reflect any external sources or additional research beyond what was provided in the text snippet.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.