Misconfiguration in a publicly exposed OCPP playground allowed attackers to read arbitrary files from the server
Public Charging Infrastructure
NTCF:
NTCF-2023-45886
Vendor:
Siemens
Criticality:
low
Status:
fixed
Discovered:
2023-07-31
Detail:
Public
Description
In accordance with NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case by case basis.
Please use the contact form and provide an explanation for your request.
Timeline
2023-07-31: initial discovery
2023-08-02: first contact to vendor
2023-08-02: private disclosure to vendor
2023-11-09: fix by vendor
2023-11-15: public disclosure