CISA 2026-05-26

ABB Terra AC

CVE-2025-5517

Machine-generated analysis · WAYSCloud LLM

The advisory states that unencrypted OCPP communications can enable exploitation of a heap-based buffer overflow, potentially allowing remote firmware manipulation.

Context

The ABB Terra AC is an electric vehicle charging station deployed globally across commercial, manufacturing, energy, and transportation sectors. The advisory describes a heap-based buffer overflow vulnerability (CVE-2025-5517) that could allow an attacker to pollute heap memory and alter firmware via a crafted OCPP message. Exploitation may occur remotely through unencrypted communication with the Charging Station Management System. Notably, the vendor explicitly warns against using HTTP for backend connections, citing inherent risks.

Operator considerations

Check: Inventory all ABB Terra AC wallboxes and verify firmware versions against the affected list.
Patch: Upgrade devices to the fixed firmware versions specified in the advisory.
Isolate: Ensure OCPP communications are not conducted over unencrypted HTTP connections.
Log: Monitor for unexpected firmware changes or anomalous messages from the CSMS.

From Cybersecurity and Infrastructure Security Agency ↗

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash memory to alter the firmware behavior.

The following versions of ABB Terra AC are affected:

Terra AC wallbox (UL40/80A)

Read the full advisory on CISA →