CVE-2023-0863

Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,

CVSS 8.8 HIGHEPSS 0.3%CWE-287

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 May 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

ABB · Terra AC wallbox (CE) Symbiosis ABB · Terra AC wallbox (CE) Terra AC Juno CE ABB · Terra AC wallbox (CE) (Terra AC MID)ABB · Terra AC wallbox (CE) Terra AC PTB ABB · Terra AC wallbox (JP)ABB · Terra AC wallbox (UL32A)ABB · Terra AC wallbox (UL40/80A)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch