On May 17, 2023, ABB published an advisory for CVE-2023-0863 and CVE-2023-0864, an Authentication Bypass and Plaintext Communication vulnerabilities affecting ABB’s EV charging station of Terra AC wallbox models within a nearby distance. The vulnerability, scored with high severity, allows threat actors to take over chargers in a few seconds by exploiting ABB’s proprietary messages over Low Energy Bluetooth (BLE), allowing them to override management settings, and perform energy and data theft.
The charger’s management interface is constantly enabled, exposing the charger to attacks without the ability to disable it.
It is highly recommended to update ABB Terra AC charging stations and protect against this vulnerability. More details are available on ABB’s advisory located at this link.
Additionally, an OCPP security message was added to improve the monitoring capabilities of suspicious exploit attempts on BLE communication.
What is CVE 2023-0863
CVSS v3.1 Base Score: 8.8 (High) | CVSS v3.1 Temporal Score: 8.2 (High)
ABB Terra AC wallbox management operations are performed using BLE interface to configure the eMobility provider, drivers identity, firmware updates, and more. This management interface is vulnerable to authentication bypass allowing threat actors to configure a charger to their own demand.
This vulnerability could potentially allow threat actors to disrupt the service of chargers in a site, perform energy theft by setting the charger to free mode, hijack the charger’s management channel, and expose information of victim drivers who use it.
What is CVE 2023-0864
CVSS v3.1 Base Score: 7.1 (High) | CVSS v3.1 Temporal Score: 6.6 (Medium)
The management BLE interface for ABB Terra AC wallbox is vulnerable to plaintext communication of configuration data. The vulnerability might be exploited to perform replay attacks by a threat actor during the time window an operator performs management actions.
OCPP Security Event
In this update, ABB introduced support for OCPP 1.6 security edition 3, indicating when a suspicious behavior is detected over BLE communication channel.
When unusual behavior of BLE communication is detected, an OCPP security message will be sent to the Changing Stations Management System (CSMS) with the
AttemptedReplayAttacks event type.
Which products are affected?
- Terra AC wallbox (UL40/80A) <= 1.5.5
- Terra AC wallbox (UL32A) <= 1.6.5
- Terra AC wallbox (JP) <= 1.6.5
- Terra AC wallbox (CE)
- Terra AC MID <= 1.6.5
- Terra AC Juno CE <= 1.6.5
- Terra AC PTB <= 1.5.25
- Symbiosis <= 1.2.7
Follow us on LinkedIn for more updates: https://www.linkedin.com/company/saiflow/