CVE-2023-0863 - Vulnerability Details

- Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,

Description

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

Published: 2023-05-17

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ABB

Terra AC wallbox (UL40/80A)

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.5.5

ABB

Terra AC wallbox (UL32A)

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.6.5

ABB

Terra AC wallbox (CE) (Terra AC MID)

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.6.5

ABB

Terra AC wallbox (CE) Terra AC Juno CE

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.6.5

ABB

Terra AC wallbox (CE) Terra AC PTB

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.5.25

ABB

Terra AC wallbox (CE) Symbiosis

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.2.7

ABB

Terra AC wallbox (JP)

unaffected

Version	Status	Constraints
`1.0;0`	affected	≤ 1.6.5

Configuration 1 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_ul40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_ul40:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_80a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_80a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_ul32a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_ul32a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_jp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_jp:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_ce_mid_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_ce_mid:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_ce_juno_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_ce_juno:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_ce_ptb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_ce_ptb:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:abb:terra_ac_wallbox_ce_symbiosis_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:terra_ac_wallbox_ce_symbiosis:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-12860	Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00112.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch

History

Wed, 22 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Abb Terra Ac Wallbox 80a Terra Ac Wallbox 80a Firmware Terra Ac Wallbox Ce Juno Terra Ac Wallbox Ce Juno Firmware Terra Ac Wallbox Ce Mid Terra Ac Wallbox Ce Mid Firmware Terra Ac Wallbox Ce Ptb Terra Ac Wallbox Ce Ptb Firmware Terra Ac Wallbox Ce Symbiosis Terra Ac Wallbox Ce Symbiosis Firmware Terra Ac Wallbox Jp Terra Ac Wallbox Jp Firmware Terra Ac Wallbox Ul32a Terra Ac Wallbox Ul32a Firmware Terra Ac Wallbox Ul40 Terra Ac Wallbox Ul40 Firmware

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2023-05-17T07:10:46.122Z

Updated: 2025-01-22T16:50:53.486Z

Reserved: 2023-02-16T13:04:45.860Z

Link: CVE-2023-0863

Vulnrichment

Updated: 2024-08-02T05:24:34.698Z

NVD

Status : Modified

Published: 2023-05-17T08:15:08.510

Modified: 2024-11-21T07:37:59.653

Link: CVE-2023-0863

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object