ABB Terra AC
[View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-146-01.json)

## Summary

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could pollute heap memory, which could potentially allow the attacker to take remote control of the product and perform a write operation to the flash memory to alter the firmware behavior.

The following versions of ABB Terra AC are affected:

- Terra AC wallbox (UL40/80A) <=1.8.32, 1.8.33
- Terra AC wallbox (UL32A) <=1.8.2, 1.8.34
- Terra AC wallbox (MID/ CE) <=1.8.32, 1.8.34
- Terra AC wallbox (JP) <=1.8.2, 1.8.34

| CVSS | Vendor | Equipment | Vulnerabilities |
| --- | --- | --- | --- |
| v3 6.8 | ABB | ABB Terra AC | Heap-based Buffer Overflow |

### Background

- **Critical Infrastructure Sectors:** Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems
- **Countries/Areas Deployed:** Worldwide
- **Company Headquarters Location:** Switzerland

## Vulnerabilities

### CVE-2025-5517

There is a potential risk of memory pollution when a specially crafted OCPP message is sent to a vulnerable target charger, either by exploiting unencrypted communication to the Charging Station Management System (CSMS) or fully remotely from its CSMS server.

[View CVE Details](https://www.cve.org/CVERecord?id=CVE-2025-5517)

#### Affected Products

##### ABB Terra AC

**Vendor:** ABB

**Product Version:** ABB Terra AC wallbox (UL40/80A) <=1.8.32, ABB Terra AC wallbox (UL32A) <=1.8.2, ABB Terra AC wallbox (MID/ CE) Terra AC MID <=1.8.32, ABB Terra AC wallbox (JP) <=1.8.2

**Product Status:** fixed, known_affected

###### Remediations

**Vendor fix**

The problem is corrected in the product versions listed as fixed in the advisory.

- Terra AC wallbox (UL40/80A) 1.8.33
- Terra AC wallbox (UL32A) 1.8.34
- Terra AC MID 1.8.34
- Terra AC Juno CE 1.8.34
- Terra AC PTB 1.8.33
- Terra AC wallbox (JP) 1.8.34

Additionally, we strongly recommend not using unsafe mode (http) to connect your charger to your backend, even though OCPP allows this, which absolutely cou
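The version bounds and the transport recommendation above can be checked against a charger inventory. The following is an added example, not code from CISA or ABB: the inventory record layout, the model keys, the hostnames and the rule that any version at or above the listed fixed version counts as fixed are assumptions, and Juno CE and PTB are left out because the advisory lists only a fixed version for them.

```python
# Added example: triage a charger inventory against the versions in this advisory.
from urllib.parse import urlparse

# Per-model bounds taken from the advisory text: (highest affected, first fixed).
# The dictionary keys are labels chosen for this example.
ADVISORY = {
    "UL40/80A": ("1.8.32", "1.8.33"),
    "UL32A": ("1.8.2", "1.8.34"),
    "MID": ("1.8.32", "1.8.34"),
    "JP": ("1.8.2", "1.8.34"),
}

def parse_version(text):
    """Turn '1.8.32' into (1, 8, 32) so that 1.8.2 sorts below 1.8.32."""
    return tuple(int(part) for part in text.strip().split("."))

def firmware_status(model, version):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown-model'."""
    if model not in ADVISORY:
        return "unknown-model"
    max_affected, first_fixed = (parse_version(v) for v in ADVISORY[model])
    current = parse_version(version)
    if current <= max_affected:
        return "affected"
    if current >= first_fixed:  # assumption: later releases keep the fix
        return "fixed"
    # Versions between the two bounds are not named in the advisory.
    return "unlisted"

def transport_is_encrypted(csms_url):
    """OCPP-J runs over WebSocket: wss/https is TLS, ws/http is cleartext."""
    return urlparse(csms_url).scheme.lower() in ("wss", "https")

def triage(inventory):
    """Yield (charger id, firmware status, encrypted?) for each record."""
    for charger in inventory:
        yield (charger["id"],
               firmware_status(charger["model"], charger["firmware"]),
               transport_is_encrypted(charger["csms_url"]))

# Constructed sample inventory (hypothetical ids and hostnames).
SAMPLE = [
    {"id": "cp-001", "model": "UL40/80A", "firmware": "1.8.32", "csms_url": "ws://csms.example.test/ocpp"},
    {"id": "cp-002", "model": "UL32A", "firmware": "1.8.34", "csms_url": "wss://csms.example.test/ocpp"},
    {"id": "cp-003", "model": "JP", "firmware": "1.8.10", "csms_url": "wss://csms.example.test/ocpp"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Records reported as `unlisted` or `unknown-model` need a manual check against the vendor advisory rather than being treated as safe.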
Originally published by CISA
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-01