Summary
ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash memory to alter the firmware behavior.
The following versions of ABB Terra AC are affected:
- Terra AC wallbox (UL40/80A) <=1.8.32, 1.8.33
- Terra AC wallbox (UL32A) <=1.8.2, 1.8.34
- Terra AC wallbox (MID/ CE) <=1.8.32, 1.8.34
- Terra AC wallbox (JP) <=1.8.2, 1.8.34
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.8 | ABB | ABB Terra AC | Heap-based Buffer Overflow |
Background
- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2025-5517
There is potential risk to pollute the memory when a specially crafted OCPP message may be sent to a target vulnerable charger by exploiting unencrypted communication to the Charging Station Management System (CSMS) or fully remotely from its CSMS server.
Affected Products
ABB Terra AC
ABB
ABB Terra AC wallbox (UL40/80A) <=1.8.32, ABB Terra AC wallbox (UL32A) <=1.8.2, ABB Terra AC wallbox (MID/ CE) Terra AC MID <=1.8.32, ABB Terra AC wallbox (JP) <=1.8.2
fixed, known_affected
Remediations
Vendor fix
The problem is corrected in the product versions listed as fixed in the advisory. Terra AC wallbox (UL40/80A) 1.8.33 Terra AC wallbox (UL32A) 1.8.34 Terra AC MID 1.8.34 Terra AC Juno CE 1.8.34 Terra AC PTB 1.8.33 Terra AC wallbox (JP) 1.8.34 Additionally, we strongly recommend not use unsafe mode(http) to connect your charger to your backend even though OCPP is allowed to do in this way, which absolutely could be attacked by malicious man or organization as a common knowledge. ABB recommends that customers apply the update at earliest convenience.
Relevant CWE: CWE-122 Heap-based Buffer Overflow
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Acknowledgments
- Itai Shmueli of Saiflow reported this vulnerability to Schneider Electric.
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respectiv
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: