---
title: "Critical Vulnerabilities in ABB Terra AC Wallbox: Heap and Buffer Overflow Risks"
short_title: "ABB Terra AC Wallbox vulnerabilities expose EV chargers"
description: "ABB Terra AC Wallbox flaws (CVE-2025-10504, CVE-2025-12142, CVE-2025-12143) enable remote control via heap and buffer overflows. Patch now to secure energy infrastructure."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, ev-chargers, buffer-overflow, cve-2025, cybersecurity]
score: 0.78
cve_ids: [CVE-2025-10504, CVE-2025-12142, CVE-2025-12143]
---
## TL;DR
ABB has disclosed three critical vulnerabilities in its Terra AC Wallbox electric vehicle (EV) chargers, affecting versions up to 1.8.33. Exploitation could lead to heap memory pollution, remote control, or firmware manipulation via Bluetooth or custom protocols. ABB has released version 1.8.36 to patch these flaws, urging immediate updates to prevent attacks on energy infrastructure.
Main Content
### Introduction
The ABB Terra AC Wallbox, a widely deployed EV charging solution, has been found vulnerable to three critical security flaws that could allow attackers to hijack device functionality or alter firmware behavior. These vulnerabilities—CVE-2025-10504, CVE-2025-12142, and CVE-2025-12143—exploit heap-based, stack-based, and classic buffer overflows, posing significant risks to energy sector infrastructure. ABB has addressed these issues in the latest firmware update, but unpatched devices remain exposed to potential remote exploitation.
### Key Points
- Affected Versions: Terra AC Wallbox (JP) ≤1.8.33 and 1.8.36 (patched).
- Vulnerability Types:
- Heap-based buffer overflow (CVE-2025-10504)
- Classic buffer overflow (CVE-2025-12142)
- Stack-based buffer overflow (CVE-2025-12143)
- Impact: Remote control, firmware manipulation, and potential disruption of EV charging infrastructure.
- Attack Vector: Exploitation requires Bluetooth hijacking or custom protocol manipulation, though encrypted communications mitigate some risks.
- Mitigation: Apply firmware update 1.8.36 immediately and restrict network access to charging devices.
### Technical Details
The vulnerabilities stem from improper input validation in the Terra AC Wallbox firmware, enabling attackers to:
1. Pollute heap memory (CVE-2025-10504) by sending maliciously crafted messages via custom protocols.
2. Overflow BSS memory (CVE-2025-12142) through Bluetooth communications with unexpected bin file lengths.
3. Corrupt stack memory (CVE-2025-12143) by manipulating the "RandomDelay" OCPP key with unexpected values.
All three flaws share a CVSS v3.1 base score of 6.1 (Medium), reflecting their potential for high-impact exploitation despite requiring adjacent network access (AV:A) and high privileges (PR:H). Successful exploitation could allow attackers to write to flash memory, altering firmware behavior or gaining persistent control over the device.
### Impact Assessment
The vulnerabilities pose severe risks to critical energy infrastructure, particularly in regions where ABB Terra AC Wallbox devices are deployed for public or commercial EV charging. Potential consequences include:
- Unauthorized remote control of charging stations, leading to service disruptions.
- Firmware tampering, enabling attackers to disable safety mechanisms or steal user data.
- Lateral movement within energy sector networks if charging devices are connected to broader operational technology (OT) systems.
While ABB asserts that Bluetooth encryption theoretically prevents exploitation, the flaws highlight systemic risks in IoT-enabled energy devices, emphasizing the need for proactive security measures in OT environments.
### Mitigation Steps
ABB has released firmware version 1.8.36 to address these vulnerabilities. Users should:
1. Apply the update immediately to all affected Terra AC Wallbox devices.
2. Isolate charging stations from business networks using firewalls or VLANs.
3. Disable Bluetooth if not required for operational purposes.
4. Monitor network traffic for suspicious activity, particularly unauthorized Bluetooth connections.
5. Follow CISA’s recommended practices for securing control systems, including defense-in-depth strategies and regular vulnerability assessments.
For organizations unable to patch immediately, restricting physical and network access to charging devices can reduce exposure.
## Conclusion
The discovery of these vulnerabilities in ABB Terra AC Wallbox underscores the growing cybersecurity risks in EV charging infrastructure. While ABB’s patch mitigates the immediate threats, the incident serves as a critical reminder for energy sector stakeholders to prioritize IoT and OT security. Organizations must adopt proactive patch management, network segmentation, and continuous monitoring to defend against evolving cyber threats in critical infrastructure.
## References
[^1]: ABB PSIRT. "ICS Advisory (ICSA-26-141-05)". CISA. Retrieved 2024-10-02.
[^2]: CVE Details. "CVE-2025-10504". MITRE. Retrieved 2024-10-02.
[^3]: CWE Mitre. "CWE-122: Heap-based Buffer Overflow". MITRE. Retrieved 2024-10-02.