CVE-2023-0864 (GCVE-0-2023-0864)
Vulnerability from cvelistv5
Published
2023-05-17 07:15
Modified
2025-01-22 16:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | Terra AC wallbox (UL40/80A) |
Version: 1.0;0 < |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:49:48.531006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:50:21.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL40/80A)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (UL32A) ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) (Terra AC MID)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC Juno CE",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Terra AC PTB ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.5.25",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (CE) Symbiosis",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Terra AC wallbox (JP)",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.6.5",
"status": "affected",
"version": "1.0;0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements."
}
],
"datePublic": "2023-05-16T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T07:15:52.371Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0864",
"datePublished": "2023-05-17T07:15:52.371Z",
"dateReserved": "2023-02-16T13:04:48.837Z",
"dateUpdated": "2025-01-22T16:50:21.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:24:34.668Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0864\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-22T16:49:48.531006Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-22T16:48:11.841Z\"}}], \"cna\": {\"title\": \"Configuration data is exchanged in plaintext and could be available to a nearby attacker if present during configuration or usage of the device via Bluetooth Low Energy (BLE).\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"ABB acknowledges and thanks Andi Leach and Puck Meerburg who responsibly disclosed these vulnerabilities and provided valuable input on product improvements. ABB also acknowledges and thanks Lionel R. Saposnik from Saiflow who also responsibly disclosed these vulnerabilities and provided valuable input on product improvements.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (UL40/80A)\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.5.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (UL32A) \", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.6.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (CE) (Terra AC MID)\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.6.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (CE) Terra AC Juno CE\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.6.5\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (CE) Terra AC PTB \", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.5.25\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (CE) Symbiosis\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.7\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"ABB\", \"product\": \"Terra AC wallbox (JP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0;0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.6.5\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-05-16T18:30:00.000Z\", \"references\": [{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A1415\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).\u003cp\u003eThis issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319 Cleartext Transmission of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"2b718523-d88f-4f37-9bbd-300c20644bf9\", \"shortName\": \"ABB\", \"dateUpdated\": \"2023-05-17T07:15:52.371Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-0864\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-22T16:50:21.453Z\", \"dateReserved\": \"2023-02-16T13:04:48.837Z\", \"assignerOrgId\": \"2b718523-d88f-4f37-9bbd-300c20644bf9\", \"datePublished\": \"2023-05-17T07:15:52.371Z\", \"assignerShortName\": \"ABB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…