An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.