HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Heap Overflow (CVE‑2025‑5517) in ABB Terra AC EV Chargers Enables Remote Firmware Manipulation – CVSS 6.8

A heap‑based buffer overflow (CVE‑2025‑5517) in ABB Terra AC wall‑boxes allows attackers to corrupt memory and rewrite firmware through crafted OCPP messages. The flaw affects multiple charger models worldwide and poses a remote code execution risk to EV‑charging operators and their downstream supply chains.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Heap Overflow (CVE‑2025‑5517) in ABB Terra AC EV Chargers Enables Remote Firmware Manipulation

What It Is – A heap‑based buffer overflow (CVE‑2025‑5517) in ABB Terra AC wall‑box firmware allows an attacker to corrupt heap memory and gain remote code execution, potentially rewriting flash firmware. The flaw is triggered by a specially‑crafted OCPP message sent over unencrypted channels.

Exploitability – The vulnerability is publicly disclosed with a CVSS v3 base score of 6.8 (Medium‑High). No public exploit code has been released, but the attack vector is straightforward (malformed OCPP payload) and could be weaponized by threat actors targeting EV‑charging infrastructure.

Affected Products – ABB Terra AC wall‑box models:

  • UL40/80A ≤ 1.8.32, 1.8.33
  • UL32A ≤ 1.8.2, 1.8.34
  • MID/CE ≤ 1.8.32, 1.8.34
  • JP ≤ 1.8.2, 1.8.34

TPRM Impact – EV‑charging stations are often deployed by third‑party operators, facilities managers, and utilities. A compromised charger can become a foothold for lateral movement into corporate networks, affect service availability, and undermine trust in the supply chain of critical‑infrastructure hardware.

Recommended Actions

  • Verify firmware versions on all ABB Terra AC chargers and upgrade to the vendor‑released patches (versions > 1.8.34).
  • Enforce TLS encryption for OCPP communication between chargers and the CSMS.
  • Segment charger networks from core IT environments; apply strict firewall rules limiting inbound traffic to management ports.
  • Conduct a rapid inventory of all ABB charging assets and document remediation status for third‑party risk registers.
  • Monitor CISA and ABB advisories for any emerging exploit evidence.

Source: CISA Advisory – ICSA‑26‑146‑01

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-01

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →