ABB Terra AC Wallbox

Summary

ABB has identified vulnerabilities in its Terra AC Wallbox product, specifically versions 1.8.33 and earlier (for the JP variant). Successful exploitation could allow an attacker to remotely control the product and alter its firmware by polluting heap memory.

IFF Assessment

FOE

The identified vulnerabilities allow for remote control and modification of firmware, posing a significant threat to the security and integrity of the affected devices.

Severity

6.1 Medium

The CVSS score of 6.1 reflects a moderate severity. Although successful exploitation enables remote control and firmware alteration, the attacker must first hijack Bluetooth and exploit unvalidated field lengths in communication protocols.

Defender Context

This alert highlights vulnerabilities in critical infrastructure (Energy sector) devices, specifically EV charging stations. Defenders should be aware of potential attacks targeting these systems that could lead to device compromise and manipulation of firmware. It's crucial to ensure these devices are updated to the latest secure versions.
