Overview
CVE-2025-12143 is a MEDIUM severity vulnerability affecting ABB Terra AC wallbox devices. This vulnerability is classified as a stack-based buffer overflow and could potentially allow an attacker to execute arbitrary code or cause a denial-of-service (DoS) condition. It is crucial to apply the recommended mitigation steps to protect your ABB Terra AC wallbox.
Technical Details
The vulnerability, CVE-2025-12143, is a stack-based buffer overflow that exists within the ABB Terra AC wallbox firmware. Specifically, versions up to and including 1.8.33 are affected. A stack buffer overflow occurs when a program writes data beyond the allocated memory region on the stack. This can overwrite adjacent data, including return addresses, leading to control-flow hijacking by a malicious actor.
The precise attack vector and vulnerable function are detailed in ABB’s advisory. An attacker could potentially exploit this vulnerability by sending a specially crafted network request or providing malicious input through another accessible interface. The specific exploitation details are outlined in the ABB security advisory.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-12143 is 6.1 (Medium).
While the CVSS score is classified as medium severity, the potential impact of a successful exploit can be significant. The Base Score considers factors such as attack vector, attack complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact. Review ABB’s security bulletin for the full CVSS vector string.
Possible Impact
Successful exploitation of CVE-2025-12143 could lead to several negative consequences:
- Arbitrary Code Execution: An attacker could potentially execute arbitrary code on the device, gaining control of the ABB Terra AC wallbox.
- Denial of Service (DoS): The vulnerability could be exploited to crash the device, leading to a denial of service and preventing it from functioning correctly.
- Data Manipulation: An attacker might be able to manipulate the device’s configuration or operational data.
Mitigation or Patch Steps
ABB has released a security advisory addressing this vulnerability. The recommended mitigation is to update the ABB Terra AC wallbox firmware to a version newer than 1.8.33. Please follow these steps:
- Visit the ABB website for the latest firmware update for your specific Terra AC wallbox model.
- Download the appropriate firmware update.
- Follow the instructions provided by ABB to install the update on your device. Back up your configuration before upgrading.
- Verify that the update has been successfully applied and that the vulnerability is no longer present.
Note: Always download firmware updates from the official ABB website to ensure the integrity and authenticity of the software.