CVE-2023-0863 : Security Advisory and Response
Learn about CVE-2023-0863, an improper authentication vulnerability in ABB Terra AC wallbox products, enabling attackers to bypass authentication via Bluetooth Low Energy (BLE) channel. Find mitigation steps and updates.
This CVE-2023-0863 involves an improper authentication vulnerability in various ABB Terra AC wallbox products, enabling attackers to bypass authentication via the Bluetooth Low Energy (BLE) channel.
Understanding CVE-2023-0863
This section provides an overview of the vulnerability's impact and technical details.
What is CVE-2023-0863?
The CVE-2023-0863 vulnerability pertains to improper authentication in ABB Terra AC wallbox products, including Terra AC wallbox (UL40/80A), Terra AC wallbox (UL32A), Terra AC wallbox (CE) (Terra AC MID), Terra AC wallbox (CE) Terra AC Juno CE, Terra AC wallbox (CE) Terra AC PTB, Terra AC wallbox (CE) Symbiosis, and Terra AC wallbox (JP). Attackers can exploit this vulnerability to bypass authentication via the BLE channel.
The Impact of CVE-2023-0863
The impact of this vulnerability is significant, with a high CVSSv3.1 base score of 8.8. It poses high risks to confidentiality, integrity, and availability, with low attack complexity and no required privileges.
Technical Details of CVE-2023-0863
This section delves into the vulnerability description, affected systems and versions, and the exploitation mechanism.
Vulnerability Description
The vulnerability allows unauthorized individuals to bypass authentication on ABB Terra AC wallbox products using the BLE channel, compromising the security of these systems.
Affected Systems and Versions
The following ABB Terra AC wallbox products are affected:
- Terra AC wallbox (UL40/80A) versions 1.0;0 through 1.5.5
- Terra AC wallbox (UL32A) versions 1.0;0 through 1.6.5
- Terra AC wallbox (CE) (Terra AC MID) versions 1.0;0 through 1.6.5
- Terra AC wallbox (CE) Terra AC Juno CE versions 1.0;0 through 1.6.5
- Terra AC wallbox (CE) Terra AC PTB versions 1.0;0 through 1.5.25
- Terra AC wallbox (CE) Symbiosis versions 1.0;0 through 1.2.7
- Terra AC wallbox (JP) versions 1.0;0 through 1.6.5
Exploitation Mechanism
Attackers can exploit the vulnerability by leveraging the improper authentication mechanisms in the affected ABB Terra AC wallbox products to access and control the devices without proper authorization.
Mitigation and Prevention
To mitigate the risks associated with CVE-2023-0863, organizations and individuals should take immediate steps and adopt long-term security practices.
Immediate Steps to Take
- Disable BLE connectivity on the affected ABB Terra AC wallbox products if possible.
- Monitor for any unauthorized access or suspicious activities on the devices.
- Implement network segmentation to limit the impact of potential unauthorized access.
Long-Term Security Practices
- Regularly apply security updates and patches provided by ABB for the affected products.
- Conduct security training and awareness programs to educate users on best security practices.
- Implement strong authentication mechanisms and access controls to prevent unauthorized access to critical systems.
Patching and Updates
Ensure that all ABB Terra AC wallbox products are updated with the latest firmware and security patches to address the CVE-2023-0863 vulnerability and enhance overall security posture.