Search criteria
4 vulnerabilities found for Terra AC wallbox (CE) (Terra AC MID) by ABB
CVE-2023-0864 (GCVE-0-2023-0864)
Vulnerability from cvelistv5 – Published: 2023-05-17 07:15 – Updated: 2025-01-22 16:50
VLAI?
Title
Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).
Summary
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
Severity ?
7.1 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) |
Affected:
1.0;0 , ≤ 1.5.5
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:49:48.531006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:50:21.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A) ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) (Terra AC MID)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC PTB ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.25",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Symbiosis",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"datePublic": "2023-05-16T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T07:15:52.371Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0864",
"datePublished": "2023-05-17T07:15:52.371Z",
"dateReserved": "2023-02-16T13:04:48.837Z",
"dateUpdated": "2025-01-22T16:50:21.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0863 (GCVE-0-2023-0863)
Vulnerability from cvelistv5 – Published: 2023-05-17 07:10 – Updated: 2025-01-22 16:50
VLAI?
Title
Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,
Summary
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) |
Affected:
1.0;0 , ≤ 1.5.5
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:50:43.248778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:50:53.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A) ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) (Terra AC MID)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC PTB ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.25",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Symbiosis",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T07:10:46.122Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed, ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0863",
"datePublished": "2023-05-17T07:10:46.122Z",
"dateReserved": "2023-02-16T13:04:45.860Z",
"dateUpdated": "2025-01-22T16:50:53.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0864 (GCVE-0-2023-0864)
Vulnerability from nvd – Published: 2023-05-17 07:15 – Updated: 2025-01-22 16:50
VLAI?
Title
Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).
Summary
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
Severity ?
7.1 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) |
Affected:
1.0;0 , ≤ 1.5.5
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:49:48.531006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:50:21.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A) ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) (Terra AC MID)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC PTB ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.25",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Symbiosis",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"datePublic": "2023-05-16T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T07:15:52.371Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0864",
"datePublished": "2023-05-17T07:15:52.371Z",
"dateReserved": "2023-02-16T13:04:48.837Z",
"dateUpdated": "2025-01-22T16:50:21.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0863 (GCVE-0-2023-0863)
Vulnerability from nvd – Published: 2023-05-17 07:10 – Updated: 2025-01-22 16:50
VLAI?
Title
Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed,
Summary
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) |
Affected:
1.0;0 , ≤ 1.5.5
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:50:43.248778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:50:53.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A) ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) (Terra AC MID)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC PTB ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.25",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Symbiosis",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T07:10:46.122Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication to access the AC wallbox via its Bluetooth Low Energy (BLE) channel can be bypassed, ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0863",
"datePublished": "2023-05-17T07:10:46.122Z",
"dateReserved": "2023-02-16T13:04:45.860Z",
"dateUpdated": "2025-01-22T16:50:53.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}