Summary
ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash memory to alter the firmware behavior.
The following versions of ABB Terra AC Wallbox are affected:
- Terra AC wallbox (JP) <=1.8.33, 1.8.36 (CVE-2025-10504, CVE-2025-12142, CVE-2025-12143)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.1 | ABB | ABB Terra AC Wallbox | Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Stack-based Buffer Overflow |
Background
- Critical Infrastructure Sectors: Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2025-10504
There is potential risk to pollute the memory when developing apps which has used to communicate with charger according to self-defined protocol if developers don’t strictly follow the field length which has not been validated in firmware.
Affected Products
ABB Terra AC Wallbox
ABB
ABB Terra AC wallbox (JP) <=1.8.33
fixed, known_affected
Remediations
Vendor fix
The problem is corrected in the following product version; apply the following update depending on product variant: Terra AC wallbox (JP) 1.8.36 ABB recommends that customers apply the update at earliest convenience.
Mitigation
To attack with this kind of message, hackers must hijack Bluetooth first and then can send messages. Because the communication messages between BLE and charger have been encrypted. In theory, there is no way to attack the charger.
Relevant CWE: CWE-122 Heap-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
CVE-2025-12142
There is potential risk of polluting the BSS memory when developing apps which are used to communicate with charger via Bluetooth according to self-defined protocol if developers configure an unexpected length of bin files.
Affected Products
ABB Terra AC Wallbox
ABB
ABB Terra AC wallbox (JP) <=1.8.33
fixed, known_affected
Remediations
Vendor fix
The problem is corrected in the following product version; apply the following update depending on product variant: Terra AC wallbox (JP) 1.8.36 ABB recommends that customers apply the update at earliest convenience.
Mitigation
To attack with this kind of message, hackers must hijack Bluetooth first and then can send messages. Because the communication messages between BLE and charger have been encrypted. In theory, there is no way to attack the charger.<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: