{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2025-12142/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":6.1,"id":"CVE-2025-10504"},{"cvss":6.1,"id":"CVE-2025-12142"},{"cvss":6.1,"id":"CVE-2025-12143"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Terra AC wallbox"],"_cs_severities":["medium"],"_cs_tags":["ics","buffer overflow","cve-2025-10504","cve-2025-12142","cve-2025-12143"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB Terra AC Wallbox versions \u0026lt;=1.8.33 (JP) are susceptible to three buffer overflow vulnerabilities: CVE-2025-10504 (Heap-based), CVE-2025-12142 (Classic Buffer Overflow), and CVE-2025-12143 (Stack-based). Successful exploitation could lead to heap memory pollution, potentially enabling remote control of the device and unauthorized firmware modifications. While the advisory suggests Bluetooth hijacking is a prerequisite for exploitation due to encryption, the impact of a successful attack on charging infrastructure warrants attention from defenders. ABB has released version 1.8.36 to address these issues and recommends that customers apply the update at the earliest convenience. 
These vulnerabilities are especially relevant to organizations in the energy sector, where these charging stations are deployed worldwide.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains unauthorized access to the ABB Terra AC Wallbox via Bluetooth, bypassing encryption (e.g., through brute-force or a vulnerability in the Bluetooth stack).\u003c/li\u003e\n\u003cli\u003eAttacker develops a custom application designed to communicate with the charging station using a self-defined protocol.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious message with an unexpected field length, specifically targeting the memory handling routines.\u003c/li\u003e\n\u003cli\u003eThe crafted message triggers a heap-based buffer overflow (CVE-2025-10504), polluting the heap memory.\u003c/li\u003e\n\u003cli\u003eThe memory corruption allows the attacker to overwrite critical data structures in memory.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the corrupted memory to gain control of the device\u0026rsquo;s execution flow.\u003c/li\u003e\n\u003cli\u003eThe attacker performs a write operation to the flash memory, altering the device\u0026rsquo;s firmware.\u003c/li\u003e\n\u003cli\u003eThe compromised firmware enables the attacker to remotely control the charging station, potentially disrupting service or causing damage.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could allow an attacker to remotely control ABB Terra AC Wallbox devices. This could lead to disruption of electric vehicle charging services, potentially impacting transportation and energy infrastructure. Altering the firmware could introduce malicious functionality, such as denial-of-service attacks or unauthorized access to the power grid. 
The vulnerabilities affect installations worldwide, with the most immediate concern being in the energy sector. While the advisory acknowledges the need to hijack Bluetooth first, the ability to overwrite firmware has significant implications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the vendor-provided patch (Terra AC wallbox (JP) 1.8.36) to remediate CVE-2025-10504, CVE-2025-12142, and CVE-2025-12143 on affected ABB Terra AC Wallbox devices.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious Bluetooth activity targeting ABB Terra AC Wallbox devices, specifically looking for unexpected data lengths in custom protocol messages (Generic Bluetooth Detection Rule).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to isolate control system devices like the ABB Terra AC Wallbox from the internet and other business networks, as suggested by CISA.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T16:09:18Z","date_published":"2026-05-21T16:09:18Z","id":"https://feed.craftedsignal.io/briefs/2026-05-abb-terra-ac-wallbox-vulns/","summary":"Multiple buffer overflow vulnerabilities in ABB Terra AC Wallbox versions \u003c=1.8.33, exploitable via Bluetooth hijacking, could allow an attacker to remotely control the device and alter its firmware.","title":"ABB Terra AC Wallbox Vulnerabilities Allow Remote Control and Firmware Alteration","url":"https://feed.craftedsignal.io/briefs/2026-05-abb-terra-ac-wallbox-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2025-12142","version":"https://jsonfeed.org/version/1.1"}