CVE-2023-0864

EUVD-2023-12861

17.05.2023, 08:15

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ABB	CNA	7.1 HIGH	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
abb	terra_ac_wallbox_ul40_firmware	1.0.0 ≤ 𝑥 < 1.5.6
abb	terra_ac_wallbox_80a_firmware	1.0.0 ≤ 𝑥 < 1.5.6
abb	terra_ac_wallbox_ul32a_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_jp_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_ce_mid_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_ce_juno_firmware	1.0.0 ≤ 𝑥 < 1.6.6
abb	terra_ac_wallbox_ce_ptb_firmware	1.0.0 ≤ 𝑥 < 1.5.26
abb	terra_ac_wallbox_ce_symbiosis_firmware	1.0.0 ≤ 𝑥 < 1.2.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415&LanguageCode=en&DocumentPartId=&Action=Launch