Terra AC wallbox Heap Memory Corruption Vulnerability
Monitor | CVSS 6.1 | 9akk108471a8107 | Sep 16, 2025
ABB
Attack path
Attack Vector: Adjacent
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
ABB Terra AC wallbox (JP) versions 1.8.33 and earlier contain heap memory corruption vulnerabilities (CWE-122, CWE-120, CWE-121). An attacker with engineering or administrative credentials on the local network could exploit this to corrupt heap memory, potentially gaining remote control of the product and altering the device firmware by writing to flash memory. This could modify charging behavior or disable charging functions. The vulnerability is corrected in firmware version 1.8.36.
What this means
What could happen
An attacker could corrupt heap memory in the Terra AC wallbox to gain control and modify the device firmware, potentially disabling charging functions or diverting power flows in ways that damage connected equipment or disrupt EV charging operations at your facility.
Who's at risk
EV charging station operators and facility managers responsible for Terra AC wallbox (JP) systems should prioritize this update. Impact is highest in sites where the wallbox is networked for remote monitoring or management, particularly if the device can be reached from administrative networks or the internet.
How it could be exploited
An attacker with elevated privileges (engineering or admin access) on the local network could send specially crafted data to the wallbox memory to trigger a heap buffer overflow, allowing them to execute code and rewrite the device firmware to persistent flash storage.
Prerequisites
- Local network access to the Terra AC wallbox
- High privilege credentials (engineering or administrative access)
- Low attack complexity; no special user interaction required
- Requires high-privilege access (authenticated attack)
- Can lead to firmware modification and persistent device compromise
- Affects power delivery and charging safety
- Low attack complexity once access is obtained
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Terra AC wallbox (JP) <=1.8.33 | ≤ 1.8.33 | 1.8.36
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Terra AC wallbox (JP) firmware to version 1.8.36 or later
Long-term hardening
HARDENING: Restrict administrative and engineering access to the Terra AC wallbox to authorized personnel only; enforce strong authentication for any remote management
HARDENING: Isolate the Terra AC wallbox on a dedicated network segment or VLAN separate from untrusted systems and guest networks