CVE-2023-0863

EUVD-2023-12860

17.05.2023, 08:15

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ABB	CNA	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
abb	terra_ac_wallbox_ul40_firmware	1.0.0 ≤ 𝑥 < 1.5.6
abb	terra_ac_wallbox_80a_firmware	1.0.0 ≤ 𝑥 < 1.5.6
abb	terra_ac_wallbox_ul32a_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_jp_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_ce_mid_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_ce_juno_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_ce_ptb_firmware	1.0.0 ≤ 𝑥 < 1.5.26
abb	terra_ac_wallbox_ce_symbiosis_firmware	1.0.0 ≤ 𝑥 < 1.2.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch