OTPulse

Terra AC wallbox Heap Memory Corruption Vulnerability

Monitor | 6.1 | 9akk108471a8107 | Sep 16, 2025
Attack Vector: Adjacent
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

ABB Terra AC wallbox (JP) versions up to 1.8.33 contain a heap memory corruption vulnerability (CWE-122, CWE-120, CWE-121). An attacker could exploit this to corrupt heap memory, potentially take remote control of the device, and modify flash memory to alter firmware behavior.

What this means
What could happen
An attacker with elevated network access could corrupt the wallbox's memory and rewrite its firmware, allowing unauthorized control over EV charging operations or complete denial of service.
Who's at risk
This vulnerability affects EV charging infrastructure operators and facilities (commercial buildings, municipal fleet charging stations, public charging networks) that deploy ABB Terra AC wallboxes. Any facility relying on these devices for EV charging availability should prioritize this update.
How it could be exploited
An attacker with administrative-level access to the Terra AC wallbox (accessible via local network or remote management interface) could send a crafted input to trigger heap memory corruption. Once heap memory is corrupted, the attacker can gain control of the device and write malicious code to flash memory to persist firmware changes.
Prerequisites
  • Administrative or high privilege credentials for the Terra AC wallbox
  • Network access to the wallbox management interface (local network or remote access if enabled)
  • Knowledge of the heap memory layout or buffer overflow technique specific to the device
Requires high privilege credentials | Low attack complexity | Can alter device firmware | CVSS 6.1 medium severity
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Terra AC wallbox (JP) <=1.8.33 | ≤ 1.8.33 | 1.8.36
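
An added example, not part of the advisory or of ABB's tooling: triaging a charger inventory against the version bounds in the table above. The CSV columns (asset, product, firmware) and the sample rows are constructed assumptions; versions 1.8.34 and 1.8.35, which the table lists as neither affected nor fixed, are flagged separately.

```python
import csv
import io

# Bounds taken from the advisory's affected-products table.
PRODUCT = "Terra AC wallbox (JP)"
AFFECTED_MAX = (1, 8, 33)  # versions up to 1.8.33 are affected
FIXED_MIN = (1, 8, 36)     # fixed in 1.8.36 or later

def parse_version(text):
    """Return '1.8.9' as (1, 8, 9), or None if it is not dotted-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '1.8' to (1, 8, 0)

def classify(product, firmware):
    if product.strip().lower() != PRODUCT.lower():
        return "not-applicable"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # check on the device; do not assume patched
    if version <= AFFECTED_MAX:   # numeric compare: 1.8.9 < 1.8.33
        return "affected"
    if version >= FIXED_MIN:
        return "fixed"
    return "unlisted"  # 1.8.34 / 1.8.35: neither range in the advisory

def triage(inventory_csv):
    """Map each asset name to its status. Column names are assumptions."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["product"], r["firmware"]) for r in rows}

# Constructed sample inventory (hypothetical assets, not from the advisory).
SAMPLE = """asset,product,firmware
chg-01,Terra AC wallbox (JP),1.8.33
chg-02,Terra AC wallbox (JP),1.8.36
chg-03,Terra AC wallbox (JP),v1.8.9
chg-04,Terra AC wallbox (JP),1.8.34
chg-05,Terra AC wallbox (JP),
chg-06,Other charger,1.0.0
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```
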
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the Terra AC wallbox management interface using firewall rules; only allow connections from trusted engineering workstations or management networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Terra AC wallbox (JP) firmware to version 1.8.36 or later
HARDENING: Limit administrative credentials to essential personnel and regularly audit access logs for the wallbox
API: /api/v1/advisories/4d29fcdb-cec8-4981-9a0b-e3a331475dd4