Filtered by vendor Steve-community
Subscriptions
Filtered by product Steve
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25407 | 1 Steve-community | 1 Steve | 2025-05-08 | 7.5 High |
| SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions. | ||||
| CVE-2024-44843 | 1 Steve-community | 1 Steve | 2025-04-25 | 5.9 Medium |
| An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests. | ||||
| CVE-2024-21550 | 1 Steve-community | 1 Steve | 2024-08-13 | 6.1 Medium |
| SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface. | ||||
Page 1 of 1.