SaiFlow's Blog

Featured

ABB Terra AC Buffer Overflow Vulnerability (CVE-2025-5517)

The SaiFlow research team has uncovered a buffer overflow vulnerability in ABB Terra AC chargers, that compromises system integrity. We have demonstrated how we can trigger Denial-of-Service (DoS), making the charger inoperative and unresponsive. The vulnerability could potentially be exploited to achieve RCE. Exploitation of the vulnerability requires MITM capabilities with unencrypted communication, or a compromised Charging Station Management System (CSMS).

Latest insights and industry updates

image of a traffic control center (for a mobility and transportation)

NIST Cybersecurity Framework for EV Extreme Fast Charging Infrastructure

The Electric Vehicle and Extreme Fast Charging (EV/XFC) networks and infrastructure. The newly officialized framework combines industry standards and best practices for securing the evolving EV charging sites and networks.
image of a traffic control center (for a mobility and transportation)

ABB Terra AC Improper Authentication Can Lead To EVSE Takeover (CVE 2023-0863 & CVE 2023-0864)

The SaiFlow research team has discovered two vulnerabilities in high severity allowing remote and unauthorized users, within the range of BLE to takeover the EV charger.
image of a traffic control center (for a mobility and transportation)

The Impact of API Vulnerabilities on CSMS Services & Charging Network Operators – The Use Case of ABB ChargerSync

SaiFlow research team discovered multiple critical vulnerabilities in ChargerSync CSMS allowing adversaries to access customers’ personal information and disrupt charging operations.
image of a traffic control center (for a mobility and transportation)

May 2023 Security Advisory for ABB Terra AC Charging Station

On May 17, 2023, ABB published an advisory for CVE-2023-0863 & CVE-2023-0864, an Authentication Bypass and Plaintext Communication vulnerabilities.
image of a traffic control center (for a mobility and transportation)

Free Vending Mode Security Best Practices

Threat actors could abuse Free Vend functionality to perform energy theft by abusing the CSMS of public and private EV fleet charging sites.
image of a traffic control center (for a mobility and transportation)

NEVI Program Cybersecurity Requirements

Understand NEVI cybersecurity requirements to enhance your offering and maximize your site’s NEVI scoring criteria with Saiflow's platform.