CISA Warns of Three Buffer Overflow Vulnerabilities in ABB Terra AC Wallbox
CISA has published an advisory for three buffer overflow vulnerabilities in ABB Terra AC Wallbox (JP) that could allow an attacker with Bluetooth access to corrupt memory and alter firmware behavior.

CISA has published an advisory for three vulnerabilities (CVE-2025-10504, CVE-2025-12142, CVE-2025-12143) in ABB Terra AC Wallbox (JP) versions up to 1.8.33. The flaws include heap-based, stack-based, and classic buffer overflows that could allow an attacker with Bluetooth access to corrupt memory and alter firmware behavior. ABB has released version 1.8.36 to address these issues. The vulnerabilities affect energy-sector devices deployed worldwide.
The three CVEs share a common attack vector: an attacker must first hijack the Bluetooth connection to the charger. Once Bluetooth is compromised, the attacker can send specially crafted messages that exploit the buffer overflow flaws. CVE-2025-10504 is a heap-based buffer overflow that could allow memory pollution and potentially remote control of the device, enabling writes to flash memory to alter firmware behavior. CVE-2025-12142 is a classic buffer overflow (CWE-120) that could pollute BSS memory when apps communicate with the charger via a self-defined protocol with unexpected bin file lengths. CVE-2025-12143 is a stack-based buffer overflow that could be triggered by a customized OCPP key with an unexpected number in the "RandomDelay" field.
All three vulnerabilities have a CVSS v3.1 base score of 6.1 (MEDIUM), with the vector string CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C. The attack complexity is low, but the attacker must have high privileges (Bluetooth access) and be on the adjacent network. The impact is high for integrity and availability, with no confidentiality impact. The exploit code maturity is "Proof-of-Concept" (E:P), and the remediation level is "Official Fix" (RL:O).
The affected product is the ABB Terra AC Wallbox (JP) version 1.8.33 and earlier. ABB has released version 1.8.36 as a fix and recommends that customers apply the update at their earliest convenience. The advisory notes that because Bluetooth communication messages are encrypted, in theory there is no way to attack the charger, but the mitigations still recommend applying the patch.
These vulnerabilities were reported to CISA by ABB PSIRT. The advisory is part of CISA's ongoing effort to secure industrial control systems. The energy sector is designated as critical infrastructure, and these devices are deployed worldwide. Organizations are advised to minimize network exposure, use firewalls, and isolate control system networks from business networks. When remote access is required, VPNs should be used and kept updated.
This advisory follows a series of CISA advisories for ABB products, including UEFI PXE flaws in B&R industrial PCs and vulnerabilities in B&R Automation Runtime and Automation Studio. The consistent pattern of buffer overflow vulnerabilities in ABB products highlights the importance of secure coding practices in industrial control systems.