CISA 2026-05-21

ABB Terra AC Wallbox

Machine-generated analysis · WAYSCloud LLM

The advisory states that exploitation requires prior Bluetooth hijacking, and communication is encrypted, which may limit attack feasibility.

Context

The affected product is the ABB Terra AC Wallbox, specifically the JP variant up to version 1.8.33. The advisory describes multiple buffer overflow vulnerabilities that could allow heap memory pollution, potentially leading to remote control and firmware alteration. Exploitation would require an attacker to first hijack Bluetooth communication, as messages are encrypted. The advisory notes the vulnerabilities are fixed in version 1.8.36.

Operator considerations

Check: Inventory ABB Terra AC Wallbox (JP) units running versions 1.8.33 or earlier.
Patch: Upgrade to version 1.8.36 to address the vulnerabilities.
Log: Monitor for unauthorized Bluetooth pairing attempts if the device is exposed to untrusted environments.

From Cybersecurity and Infrastructure Security Agency ↗

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash memory to alter the firmware behavior.

The following versions of ABB Terra AC Wallbox are affected:

Terra AC wallbox (JP)

Read the full advisory on CISA →