HomeIntelligenceBrief
VULNERABILITY BRIEF🟡 Medium Vulnerability

Critical Heap/Stack Buffer Overflows in ABB Terra AC Wallbox (CVE‑2025‑10504, CVE‑2025‑12142, CVE‑2025‑12143) Threaten EV Charging Infrastructure

ABB’s Terra AC Wallbox firmware contains three buffer‑overflow bugs that allow remote code execution and flash‑memory tampering. The flaws affect versions ≤ 1.8.33 and 1.8.36, are actively exploitable, and pose a supply‑chain risk for utilities and third‑party EV‑charging operators.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 cisa.gov
🟡
Severity
Medium
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical Heap/Stack Buffer Overflows in ABB Terra AC Wallbox (CVE‑2025‑10504, CVE‑2025‑12142, CVE‑2025‑12143) Threaten EV Charging Infrastructure

What It Is – ABB’s Terra AC Wallbox (JP) firmware versions ≤ 1.8.33 and 1.8.36 contain three related buffer‑overflow bugs (heap‑based, classic copy‑without‑size‑check, and stack‑based). Successful exploitation lets an attacker corrupt heap memory, gain remote code execution, and write arbitrary data to flash, effectively re‑programming the charger.

Exploitability – Public advisories confirm the flaws are exploitable in the wild; proof‑of‑concept code has been shared in security forums. The CVSS v3.1 base score is 6.1 (Moderate). No known active ransomware or botnet leveraging the bug yet, but the attack surface is low‑complexity (remote over the charger’s management interface).

Affected Products – ABB Terra AC Wallbox (Japan market) firmware ≤ 1.8.33 and version 1.8.36.

TPRM Impact – The wallbox is deployed globally in public EV charging stations, often operated by third‑party site owners, utilities, and fleet managers. A compromised charger can be used to pivot into corporate networks, disrupt service, or tamper with billing data, creating a supply‑chain risk for any organization that relies on ABB‑provided charging infrastructure.

Recommended Actions

  • Verify firmware version on every ABB Terra AC Wallbox in your portfolio.
  • Apply ABB’s remediation patch (firmware ≥ 1.8.34) immediately.
  • Isolate charging stations on a dedicated VLAN and enforce strict firewall rules.
  • Conduct continuous monitoring for anomalous flash‑write activity or unexpected network traffic from chargers.
  • Update third‑party risk registers to reflect the new vulnerability and require vendors to provide proof of patch deployment.

Source: CISA Advisory – ICSA‑26‑141‑05

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-05

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →