Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,
CVE-2023-0863

8.8HIGH

Key Information:

Vendor

Abb

Status
Terra Ac Wallbox (ul40/80a)
Terra Ac Wallbox (ul32a)
Terra Ac Wallbox (ce) (terra Ac Mid)
Terra Ac Wallbox (ce) Terra Ac Juno Ce
Vendor
CVE Published:
17 May 2023

What is CVE-2023-0863?

The improper authentication vulnerability in ABB's Terra AC wallbox series allows unauthorized access to critical functionalities, which poses significant security risks to users. This vulnerability affects various models of Terra AC wallboxes, potentially enabling malicious actors to exploit user authentication processes. Users of affected models should take immediate action to mitigate risks associated with unauthorized access and ensure their systems are updated with security patches to safeguard against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Terra AC wallbox (CE) (Terra AC MID) 1.0;0 <= 1.6.5

Terra AC wallbox (CE) Terra AC Juno CE 1.0;0 <= 1.6.5

Terra AC wallbox (CE) Symbiosis 1.0;0 <= 1.2.7

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.
JSON
.