CVE-2023-0863

Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

*Credits: ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.

CVSS Scores

NISTv3.1 8.8

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-02-16 CVE Reserved
2023-05-17 CVE Published
2024-08-02 CVE Updated
2024-10-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch	2023-05-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Abb Search vendor "Abb"	Terra Ac Wallbox Ul40 Firmware Search vendor "Abb" for product "Terra Ac Wallbox Ul40 Firmware"	>= 1.0.0 < 1.5.6 Search vendor "Abb" for product "Terra Ac Wallbox Ul40 Firmware" and version " >= 1.0.0 < 1.5.6"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Ul40 Search vendor "Abb" for product "Terra Ac Wallbox Ul40"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox 80a Firmware Search vendor "Abb" for product "Terra Ac Wallbox 80a Firmware"	>= 1.0.0 < 1.5.6 Search vendor "Abb" for product "Terra Ac Wallbox 80a Firmware" and version " >= 1.0.0 < 1.5.6"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox 80a Search vendor "Abb" for product "Terra Ac Wallbox 80a"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox Ul32a Firmware Search vendor "Abb" for product "Terra Ac Wallbox Ul32a Firmware"	>= 1.0.0 < 1.6.6 Search vendor "Abb" for product "Terra Ac Wallbox Ul32a Firmware" and version " >= 1.0.0 < 1.6.6"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Ul32a Search vendor "Abb" for product "Terra Ac Wallbox Ul32a"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox Jp Firmware Search vendor "Abb" for product "Terra Ac Wallbox Jp Firmware"	>= 1.0.0 < 1.6.6 Search vendor "Abb" for product "Terra Ac Wallbox Jp Firmware" and version " >= 1.0.0 < 1.6.6"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Jp Search vendor "Abb" for product "Terra Ac Wallbox Jp"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox Ce Mid Firmware Search vendor "Abb" for product "Terra Ac Wallbox Ce Mid Firmware"	>= 1.0.0 < 1.6.6 Search vendor "Abb" for product "Terra Ac Wallbox Ce Mid Firmware" and version " >= 1.0.0 < 1.6.6"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Ce Mid Search vendor "Abb" for product "Terra Ac Wallbox Ce Mid"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox Ce Juno Firmware Search vendor "Abb" for product "Terra Ac Wallbox Ce Juno Firmware"	>= 1.0.0 < 1.6.6 Search vendor "Abb" for product "Terra Ac Wallbox Ce Juno Firmware" and version " >= 1.0.0 < 1.6.6"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Ce Juno Search vendor "Abb" for product "Terra Ac Wallbox Ce Juno"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox Ce Ptb Firmware Search vendor "Abb" for product "Terra Ac Wallbox Ce Ptb Firmware"	>= 1.0.0 < 1.5.26 Search vendor "Abb" for product "Terra Ac Wallbox Ce Ptb Firmware" and version " >= 1.0.0 < 1.5.26"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Ce Ptb Search vendor "Abb" for product "Terra Ac Wallbox Ce Ptb"	-	-	Safe
Abb Search vendor "Abb"	Terra Ac Wallbox Ce Symbiosis Firmware Search vendor "Abb" for product "Terra Ac Wallbox Ce Symbiosis Firmware"	>= 1.0.0 < 1.2.8 Search vendor "Abb" for product "Terra Ac Wallbox Ce Symbiosis Firmware" and version " >= 1.0.0 < 1.2.8"	-	Affected	in	Abb Search vendor "Abb"	Terra Ac Wallbox Ce Symbiosis Search vendor "Abb" for product "Terra Ac Wallbox Ce Symbiosis"	-	-	Safe