Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).
CVE-2023-0864

7.1HIGH

Key Information:

Vendor

Abb

Status
Terra Ac Wallbox (ul40/80a)
Terra Ac Wallbox (ul32a)
Terra Ac Wallbox (ce) (terra Ac Mid)
Terra Ac Wallbox (ce) Terra Ac Juno Ce
Vendor
CVE Published:
17 May 2023

What is CVE-2023-0864?

A vulnerability in various ABB Terra AC wallbox models allows for the cleartext transmission of sensitive information, potentially exposing user data. This issue affects several models across different versions, where sensitive data may be transmitted without encryption, posing significant security risks. As a precaution, users are advised to ensure their wallbox devices are updated to the latest security patches and monitor for any unusual activity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Terra AC wallbox (CE) (Terra AC MID) 1.0;0 <= 1.6.5

Terra AC wallbox (CE) Terra AC Juno CE 1.0;0 <= 1.6.5

Terra AC wallbox (CE) Symbiosis 1.0;0 <= 1.2.7

References

https://search.abb.com/library/Download.aspx?DocumentID=9...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.
JSON
.