ICSA-26-141-05 · Published 2026-05-21 · View on CISA ICS-CERT ↗

ABB Terra AC Wallbox

CVSS 6.1 MEDIUM

Risk Summary

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash memory to alter the firmware behavior.

CVEs (3)

CVE-2025-10504 CVE-2025-12142 CVE-2025-12143

Remediations

The problem is corrected in the following product version; apply the following update depending on product variant: Terra AC wallbox (JP) 1.8.36 ABB recommends that customers apply the update at earliest convenience.
To attack with this kind of message, hackers must hijack Bluetooth first and then can send messages. Because the communication messages between BLE and charger have been encrypted. In theory, there is no way to attack the charger.
The problem is corrected in the following product version; apply the following update depending on product variant: Terra AC wallbox (JP) 1.8.36 ABB recommends that customers apply the update at earliest convenience.

Affected Vendors

ABB

Affected Products (2)

ABB · Terra AC wallbox (JP) <=1.8.33

ABB · Terra AC wallbox (JP) 1.8.36

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more