Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).
CVE-2023-0864
7.1HIGH
What is CVE-2023-0864?
A vulnerability in various ABB Terra AC wallbox models allows for the cleartext transmission of sensitive information, potentially exposing user data. This issue affects several models across different versions, where sensitive data may be transmitted without encryption, posing significant security risks. As a precaution, users are advised to ensure their wallbox devices are updated to the latest security patches and monitor for any unusual activity.
Affected Version(s)
Terra AC wallbox (CE) (Terra AC MID) 1.0;0 <= 1.6.5
Terra AC wallbox (CE) Terra AC Juno CE 1.0;0 <= 1.6.5
Terra AC wallbox (CE) Symbiosis 1.0;0 <= 1.2.7
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.