Memory Corruption Vulnerabilities in ABB EV Charging Infrastructure
ABB Terra AC Wallbox chargers contain three critical memory corruption vulnerabilities that allow attackers to pollute heap, BSS, and stack memory through malformed Bluetooth messages, potentially enabling remote firmware modification. These vulnerabilities affect widely deployed electric vehicle charging infrastructure and represent a significant risk to critical energy systems. Because the Bluetooth communication is encrypted, exploitation requires prior hijacking of that communication; a successful attack could compromise charging station functionality and potentially impact power grid stability. The incident highlights the importance of proactive vulnerability management and rapid patching for IoT devices in critical infrastructure.
Tactical Insight
Immediate actions
- Update all ABB Terra AC Wallbox systems to version 1.8.36 or later immediately
- Conduct vulnerability scans on all IoT and industrial control systems to identify similar risks
- Disable Bluetooth functionality on charging stations where not operationally required
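The firmware and Bluetooth actions above can be checked across a fleet with a small audit script. This is an added example, not code from ABB or the original page; the inventory format, column names and charger IDs are constructed for illustration, and only the fixed version 1.8.36 comes from the advisory.

```python
import csv
import io
import re

FIXED_VERSION = (1, 8, 36)  # first fixed firmware release named in this advisory

# Constructed sample inventory; column names and rows are illustrative only.
SAMPLE_INVENTORY = """\
charger_id,firmware,bluetooth_enabled,bluetooth_required
site-a-01,1.8.36,yes,yes
site-a-02,1.8.4,yes,no
site-b-01,1.6.6,no,no
site-b-02,v1.8.40,yes,no
site-c-01,unknown,yes,yes
"""

def parse_version(text):
    """Return a tuple of ints for 'X.Y.Z' (optional leading 'v'), or None."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(part) for part in match.groups()) if match else None

def audit(inventory_csv):
    """Return a list of (charger_id, finding) for units that need action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["firmware"])
        if version is None:
            # Unreadable version: treat as unpatched until verified by hand.
            findings.append((row["charger_id"], "firmware version unverified"))
        elif version < FIXED_VERSION:
            # Tuple comparison is numeric: 1.8.4 < 1.8.36, unlike string order.
            findings.append((row["charger_id"], "update firmware"))
        if row["bluetooth_enabled"] == "yes" and row["bluetooth_required"] == "no":
            findings.append((row["charger_id"], "disable Bluetooth"))
    return findings

if __name__ == "__main__":
    for charger_id, finding in audit(SAMPLE_INVENTORY):
        print(f"{charger_id}: {finding}")
```

Comparing versions as strings would rank 1.8.4 above 1.8.36 and miss an unpatched unit, which is why the script parses each component as an integer.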
Long-term improvements
- Implement automated patch management systems for critical infrastructure devices
- Establish regular security assessments for all connected industrial equipment
- Create network segmentation to isolate charging infrastructure from corporate networks
Monitoring measures
- Deploy network monitoring to detect unusual Bluetooth communication patterns
- Implement integrity monitoring for firmware on critical infrastructure devices