Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,
CVE-2023-0863

8.8HIGH

Key Information:

Vendor: Abb
Status: Terra Ac Wallbox (ul40/80a); Terra Ac Wallbox (ul32a); Terra Ac Wallbox (ce) (terra Ac Mid); Terra Ac Wallbox (ce) Terra Ac Juno Ce
Vendor: CVE Published:; 17 May 2023

What is CVE-2023-0863?

The improper authentication vulnerability in ABB's Terra AC wallbox series allows unauthorized access to critical functionalities, which poses significant security risks to users. This vulnerability affects various models of Terra AC wallboxes, potentially enabling malicious actors to exploit user authentication processes. Users of affected models should take immediate action to mitigate risks associated with unauthorized access and ensure their systems are updated with security patches to safeguard against potential exploitation.

Affected Version(s)

Terra AC wallbox (CE) (Terra AC MID) 1.0;0 <= 1.6.5

Terra AC wallbox (CE) Terra AC Juno CE 1.0;0 <= 1.6.5

Terra AC wallbox (CE) Symbiosis 1.0;0 <= 1.2.7

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2023
Vulnerability Reserved
Feb 16, 2023

Credit

ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.

Abb

What is CVE-2023-0863?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit