CVE-2023-0863
📋 TL;DR
This CVE describes an improper authentication vulnerability in multiple ABB Terra AC wallbox electric vehicle charging station models. Attackers can bypass authentication mechanisms to gain unauthorized access to device functions. All listed ABB Terra AC wallbox products running affected firmware versions are vulnerable.
💻 Affected Systems
- ABB Terra AC wallbox (UL40/80A)
- ABB Terra AC wallbox (UL32A)
- ABB Terra AC wallbox (CE) (Terra AC MID)
- ABB Terra AC wallbox (CE) Terra AC Juno CE
- ABB Terra AC wallbox (CE) Terra AC PTB
- ABB Terra AC wallbox (CE) Symbiosis
- ABB Terra AC wallbox (JP)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of charging station allowing attackers to disable charging, manipulate charging rates, access user data, or potentially cause physical damage through electrical manipulation.
Likely Case
Unauthorized access to charging station management functions, enabling attackers to disrupt charging services, access user information, or manipulate billing data.
If Mitigated
Limited impact if devices are behind firewalls with strict network segmentation and authentication controls, though authentication bypass remains possible.
🎯 Exploit Status
CWE-287 indicates improper authentication, suggesting attackers can bypass authentication without credentials. Given the CVSS score of 8.8 and typical IoT device security, exploitation is likely straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions above the affected ranges: UL40/80A > 1.5.5; UL32A > 1.6.5; CE MID > 1.6.5; Juno CE > 1.6.5; PTB > 1.5.25; Symbiosis > 1.2.7; JP > 1.6.5
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download firmware update from ABB portal. 2. Connect to wallbox management interface. 3. Upload firmware file. 4. Apply update. 5. Device will restart automatically. 6. Verify new firmware version.
🔧 Temporary Workarounds
Network segmentation
allIsolate charging stations on separate VLAN with strict firewall rules limiting access to management interfaces
Access control lists
allImplement IP-based access restrictions to only allow management from authorized administrative networks
🧯 If You Can't Patch
- Disconnect devices from internet and place behind strict network segmentation
- Implement physical security controls to prevent unauthorized physical access to devices
🔍 How to Verify
Check if Vulnerable:
Check firmware version via wallbox web interface or management console. Compare against affected version ranges.Check Version:
Access wallbox web interface at device IP, navigate to System Information or Settings to view firmware versionVerify Fix Applied:
Confirm firmware version is above affected ranges after update. Test authentication mechanisms to ensure proper access controls.📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful access
- Authentication bypass patterns
- Unauthorized configuration changes
Network Indicators:
- Unusual management interface access from unexpected IPs
- Authentication protocol anomalies
SIEM Query:
source="wallbox" AND (event_type="auth_failure" OR event_type="config_change") | stats count by src_ip, user