ABB Terra AC Charger Firmware Vulnerability Discovered

via RSS: CISA Alerts

ABB has identified a heap memory overflow vulnerability (CVE-2025-5517) affecting multiple versions of its Terra AC electric vehicle charging stations worldwide. Attackers could exploit unencrypted OCPP messages to compromise affected chargers, potentially gaining remote control and altering firmware behavior. Impacted models include UL40/80A, UL32A, MID/CE, and JP variants across various firmware versions. ABB recommends that users immediately update to the patched version for their model, either 1.8.33 or 1.8.34. The company also advises against using unencrypted HTTP connections between chargers and management systems, even though the OCPP protocol allows them, to prevent malicious interference.

Original reporting by RSS: CISA Alerts. We only summarise — never republish.
