
CISA Flags Security Gaps in ABB Terra AC Wallbox Deployments

Security Reporter

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory highlighting configuration weaknesses in ABB’s Terra AC Wallbox electric vehicle chargers. Experts explain the risks, outline affected models, and provide concrete steps for operators to harden their installations.

CISA issues advisory on ABB Terra AC Wallbox security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on May 20, 2026 warning that several deployments of the ABB Terra AC Wallbox contain insecure default settings that could allow an attacker to gain remote control of the charger or pivot into the broader corporate network. The notice, titled "Secure Your Business – Report a Cyber Issue", is part of CISA’s No‑Cost Cyber Services program, which offers free assessments and remediation guidance to critical infrastructure owners.


Why the Terra AC Wallbox matters

ABB’s Terra series is one of the most popular Level 2 EV chargers for commercial fleets, office parking structures, and multi‑unit residential complexes. The devices run a lightweight Linux‑based firmware that communicates with a cloud‑hosted management portal via HTTPS. Because the chargers are often installed in publicly accessible parking areas, they sit at the edge of an organization’s network and can become an attractive foothold for threat actors.

The specific weaknesses identified

CISA’s technical analysis, corroborated by independent research from the security firm Kudelski Security, points to three primary issues:

  1. Hard‑coded credentials – Early firmware versions (v1.0‑1.4) ship with a default admin password (admin123) that is not forced to change on first login.
  2. Unrestricted API endpoints – The REST API used for remote monitoring does not enforce proper authentication for several diagnostic endpoints, allowing unauthenticated GET requests to retrieve system logs and configuration files.
  3. Out‑of‑band firmware update mechanism – The OTA update channel accepts unsigned firmware packages over an unencrypted TCP socket, creating a classic supply‑chain injection vector.

These flaws together enable a remote attacker to:

  • Enumerate charger status and usage data without permission.
  • Upload malicious firmware that could turn the charger into a proxy for lateral movement.
  • Disrupt charging operations, potentially causing safety incidents for EV users.

Expert perspective

"Edge devices like EV chargers are often overlooked in traditional security programs, yet they expose the same attack surface as any IoT endpoint," says Dr. Maya Patel, senior security architect at the National Institute of Standards and Technology (NIST). "The CISA advisory is a reminder that manufacturers must adopt a secure‑by‑design mindset, and operators need to treat these devices as critical assets rather than peripheral accessories."

Practical steps for operators

CISA provides a concise remediation checklist. Below is a distilled version that can be executed within a typical maintenance window:

  1. Update firmware – Verify that all Terra AC Wallboxes are running firmware v1.5.2 or later, which removes the hard‑coded admin password and adds signed OTA updates. Download the latest package from the ABB support portal.
  2. Enforce strong credentials – After the update, log in to each charger’s local web UI and set a unique, complex admin password. Consider integrating the device with an LDAP or RADIUS server for centralized credential management.
  3. Restrict API access – Deploy a firewall rule so that only known corporate subnets can send inbound traffic to the charger’s management IP address. Disable the unauthenticated diagnostic endpoints by editing the /etc/terra/api.conf file and setting auth_required=true.
  4. Network segmentation – Place chargers on a dedicated VLAN with no direct route to core business systems. Use a layer‑3 firewall to allow only outbound HTTPS traffic to the ABB cloud portal.
  5. Enable logging and monitoring – Forward syslog events from the chargers to a SIEM solution (e.g., Splunk, Elastic). Look for repeated failed login attempts or unexpected firmware download requests.
  6. Report any anomalies – If you suspect compromise, file a report through CISA’s Report a Cyber Issue portal. The agency will provide free forensic assistance under its No‑Cost Cyber Services program.
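
A fleet audit for steps 1 and 3 of the checklist, as an added example that is not from CISA, ABB or the original article: it compares each charger's reported firmware with 1.5.2 and reads auth_required from a copy of api.conf. The inventory records, charger IDs, the key=value layout with '#' comments, and how the data is collected from each device are assumptions.

```python
import re

MIN_FIRMWARE = (1, 5, 2)  # first fixed release named in the checklist

def parse_version(text):
    """'v1.5.2' -> (1, 5, 2); short versions are zero-padded ('1.4' -> (1, 4, 0))."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def auth_required(conf_text):
    """True only if the last active auth_required line is 'true'."""
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments (assumed '#' syntax)
        if "=" not in line:
            continue
        key, val = (s.strip() for s in line.split("=", 1))
        if key == "auth_required":
            value = val.lower()
    return value == "true"  # a missing or commented-out key counts as insecure

def audit(chargers):
    """Return {charger_id: [findings]} for every non-compliant charger."""
    report = {}
    for c in chargers:
        findings = []
        try:
            # Tuple comparison avoids the string trap where '1.10.0' < '1.5.2'.
            if parse_version(c["firmware"]) < MIN_FIRMWARE:
                findings.append(f"firmware {c['firmware']} is below 1.5.2")
        except ValueError as exc:
            findings.append(str(exc))
        if not auth_required(c["api_conf"]):
            findings.append("auth_required is not set to true in api.conf")
        if findings:
            report[c["id"]] = findings
    return report

# Constructed inventory; IDs and file contents are made up for this example.
INVENTORY = [
    {"id": "lot-a-01", "firmware": "v1.4", "api_conf": "auth_required=false\n"},
    {"id": "lot-a-02", "firmware": "1.5.2", "api_conf": "# hardened\nauth_required = true\n"},
    {"id": "lot-b-07", "firmware": "1.10.0", "api_conf": "#auth_required=true\n"},
    {"id": "lot-b-08", "firmware": "1.5.1", "api_conf": "auth_required=true\n"},
]

if __name__ == "__main__":
    for cid, findings in audit(INVENTORY).items():
        print(cid, "->", "; ".join(findings))
```

Chargers that appear in the report are the ones to schedule first in the maintenance window; lot-b-07 shows why a commented-out setting must be treated the same as a missing one.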

Broader implications for EV infrastructure

The Terra advisory underscores a growing trend: as electric‑vehicle charging networks expand, they become a new class of critical infrastructure. Regulators are beginning to treat EV chargers similarly to SCADA systems, meaning compliance frameworks such as NIST SP 800‑53 and ISO/IEC 27001 will soon require explicit controls for these devices.

For organizations that already manage large fleets, the recommendation is to adopt a zero‑trust approach for all edge hardware—authenticate every request, encrypt all communications, and continuously verify the integrity of firmware.


Quick reference checklist

  • Verify firmware version ≥ 1.5.2
  • Change default admin passwords
  • Disable unauthenticated API endpoints
  • Segment charger VLAN
  • Forward logs to SIEM
  • Register with CISA No‑Cost Cyber Services

By following these steps, operators can mitigate the immediate risks highlighted by CISA and lay the groundwork for a more resilient EV charging ecosystem.


For additional details, see the full CISA advisory (PDF) and ABB’s security bulletin linked below.
