ABB Terra AC Wallbox <=1.8.33 Buffer Overflows: Patch Now

Critical Vulnerabilities Identified in ABB Terra AC Wallbox EV Chargers

Runtime Rebel is issuing an advisory regarding newly disclosed vulnerabilities in the ABB Terra AC Wallbox (JP) electric vehicle (EV) charging stations. These issues, consisting of multiple buffer overflow flaws, could allow an attacker to gain remote control and alter device firmware. The Cybersecurity and Infrastructure Security Agency (CISA) has republished this advisory from ABB PSIRT to highlight the risks, particularly for devices within the energy sector globally, as noted by CISA.

Overview of the Threat

Three distinct CVEs have been identified, all related to various forms of buffer overflows: CVE-2025-10504, CVE-2025-12142, and CVE-2025-12143. These vulnerabilities affect ABB Terra AC Wallbox (JP) versions up to and including 1.8.33. Successful exploitation could lead to heap, BSS, or stack memory pollution, potentially enabling an attacker to achieve RCE and modify the charger’s operational firmware. Each vulnerability carries a CVSS v3.1 base score of 6.1 (Medium severity).

Technical Analysis: ABB Terra AC Wallbox 1.8.33 Buffer Overflow Remediation

The identified vulnerabilities stem from inadequate input validation within the device’s firmware, particularly when handling specific communication protocols or configuration parameters. These flaws, categorized primarily as various buffer overflows, represent critical weaknesses in software security.

• CVE-2025-10504: Heap-based Buffer Overflow (CWE-122) This vulnerability arises when custom applications communicating with the charger via a self-defined protocol do not strictly adhere to expected field lengths. If a developer fails to validate the field length, it can lead to heap memory pollution, which attackers could leverage.

• CVE-2025-12142: Buffer Copy without Checking Size of Input (CWE-120) This classic buffer overflow affects the BSS memory. It can be triggered when developing apps that communicate with the charger via Bluetooth and configure an unexpectedly long binary file. This lack of size checking allows data to overwrite adjacent memory regions.

• CVE-2025-12143: Stack-based Buffer Overflow (CWE-121) This issue occurs when customizing the OCPP (Open Charge Point Protocol) key for “RandomDelay” in the backend. Configuring an unexpected numerical value in this field can lead to stack memory pollution, a common avenue for attackers to manipulate program flow.

For exploitation, an attacker must first “hijack” the Bluetooth communication channel, as the messages between Bluetooth Low Energy (BLE) and the charger are encrypted. This prerequisite increases the attack complexity but does not negate the potential impact if achieved. The overall TTP for these exploits involves specific knowledge of the device’s internal protocols and the ability to interject crafted messages after gaining privileged access to the local network or Bluetooth pairing.

Actionable Recommendations and Mitigations

To address the vulnerabilities in ABB Terra AC Wallbox (JP) versions up to 1.8.33 and prevent potential remote control and firmware alteration, security professionals should prioritize the following:

• Immediate Patching: The most critical action is to apply the vendor-provided fix. ABB has corrected these issues in Terra AC Wallbox (JP) version 1.8.36. Organizations should proceed with the ABB Terra AC Wallbox firmware update 1.8.36 at their earliest convenience.

• Network Segmentation: EV charging stations are often connected to broader operational technology (OT) or industrial control systems (ICS) networks. Isolate these devices from business networks and other critical systems using robust firewalls. Minimize network exposure for all control system components, ensuring they are not directly accessible from the internet.

• Secure Remote Access: If remote access to the ABB Terra AC Wallbox is required, implement secure methods such as Virtual Private Networks (VPNs). Ensure VPNs are updated to the latest available versions and configured with strong authentication. Understand that a VPN’s security is dependent on the security of its connected devices.

• Bluetooth Security: While the advisory notes encrypted Bluetooth communication, ongoing vigilance regarding Bluetooth pairing and device trust is essential. Ensure physical security of charging stations to prevent unauthorized Bluetooth pairing attempts. Monitor for unusual Bluetooth activity in the vicinity of critical devices. Organizations should consider how to detect CVE-2025-10504 exploit attempts through anomalous network or Bluetooth traffic.

• Developer Best Practices: For any custom applications interacting with the ABB Terra AC Wallbox, ensure strict input validation and adherence to secure coding practices. Developers should proactively check field lengths, binary file sizes, and configuration parameters to prevent similar buffer overflow conditions.

• Monitoring and Incident Response: Implement continuous monitoring of network traffic to and from EV charging infrastructure for anomalous activity. Organizations should have established internal procedures for reporting suspected malicious activity to CISA or relevant authorities.