CVE-2025-6071
📋 TL;DR
A hard-coded cryptographic key vulnerability in ABB RMC-100 and RMC-100 LITE devices allows attackers to decrypt MQTT communications. This affects specific firmware versions of these industrial control system devices, potentially exposing sensitive operational data.
💻 Affected Systems
- ABB RMC-100
- ABB RMC-100 LITE
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of MQTT communications, allowing attackers to intercept, modify, or inject commands into industrial control systems, potentially leading to operational disruption or safety incidents.
Likely Case
Unauthorized access to sensitive operational data transmitted via MQTT, enabling reconnaissance and potential data exfiltration from industrial environments.
If Mitigated
Limited impact if MQTT communications are isolated within secure networks and additional encryption layers are implemented.
🎯 Exploit Status
Exploitation requires network access to MQTT traffic but no authentication once traffic is intercepted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check ABB advisory for specific patched versions
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A3623&LanguageCode=en&DocumentPartId=PDF&Action=Launch
Restart Required: Yes
Instructions:
1. Download the firmware update from the ABB portal.
2. Follow ABB's firmware update procedure for RMC devices.
3. Verify the new firmware version after the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate RMC devices and MQTT traffic on separate VLANs with strict firewall rules
MQTT Encryption Overlay
Implement an additional encryption layer (TLS/SSL) for MQTT communications
🧯 If You Can't Patch
- Implement strict network segmentation to isolate RMC devices from untrusted networks
- Monitor MQTT traffic for unusual patterns and implement intrusion detection
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via ABB web interface or serial console
Check Version:
Check via device web interface or refer to ABB documentation for CLI commands
Verify Fix Applied:
Verify firmware version is outside affected ranges after update
📡 Detection & Monitoring
Log Indicators:
- Unusual MQTT connection attempts
- Multiple failed decryption attempts
Network Indicators:
- Unencrypted MQTT traffic to/from RMC devices
- Suspicious MQTT topic subscriptions
SIEM Query:
source_ip=RMC_device AND protocol=MQTT AND (payload_size>threshold OR unusual_frequency)
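One way to check the "Unencrypted MQTT traffic to/from RMC devices" indicator, and to confirm the TLS overlay workaround is actually in effect, is to classify the first client payload of each flow by content rather than by port. This is an added example, not ABB's or this site's code; `RMC_DEVICE_IPS`, the flow record layout and the sample payloads are constructed assumptions.

```python
# Added example: classify a flow's first client payload as TLS or plaintext MQTT.
# All addresses and payloads below are constructed placeholders, not advisory data.
RMC_DEVICE_IPS = {"192.0.2.10"}  # assumed inventory of RMC devices (documentation range)

def _skip_remaining_length(data, pos):
    """Skip MQTT's variable-length 'remaining length' field; return new offset or None."""
    for i in range(4):
        if pos + i >= len(data):
            return None
        if data[pos + i] & 0x80 == 0:
            return pos + i + 1
    return None  # more than 4 length bytes is malformed

def classify_first_payload(data):
    """Return 'tls', 'mqtt-plaintext' or 'unknown' for the first bytes a client sends."""
    # TLS record: type 0x16 (handshake), version 0x03xx, handshake type 0x01 (ClientHello)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # MQTT CONNECT: fixed header 0x10, remaining length, then length-prefixed protocol name
    if len(data) >= 2 and data[0] == 0x10:
        pos = _skip_remaining_length(data, 1)
        if pos is not None and len(data) >= pos + 2:
            name_len = int.from_bytes(data[pos:pos + 2], "big")
            name = data[pos + 2:pos + 2 + name_len]
            if name in (b"MQTT", b"MQIsdp"):  # MQTT 3.1.1/5.0 and legacy 3.1
                return "mqtt-plaintext"
    return "unknown"

def flag_plaintext_mqtt(flows, device_ips=RMC_DEVICE_IPS):
    """Return flows touching a listed device whose first payload is plaintext MQTT."""
    return [f for f in flows
            if (f["src"] in device_ips or f["dst"] in device_ips)
            and classify_first_payload(f["payload"]) == "mqtt-plaintext"]

# Constructed sample flows (first client payload only)
MQTT_CONNECT = bytes.fromhex("100f00044d5154540402003c0003726d63")
TLS_HELLO = bytes.fromhex("1603010200010001fc0303")
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "192.0.2.50", "dport": 1883, "payload": MQTT_CONNECT},
    {"src": "192.0.2.10", "dst": "192.0.2.50", "dport": 8883, "payload": TLS_HELLO},
    {"src": "192.0.2.99", "dst": "192.0.2.50", "dport": 1883, "payload": MQTT_CONNECT},
]

if __name__ == "__main__":
    for f in flag_plaintext_mqtt(SAMPLE_FLOWS):
        print(f"plaintext MQTT: {f['src']} -> {f['dst']}:{f['dport']}")
```

Because the check reads the payload, it also catches plaintext MQTT on non-standard ports and plaintext sessions on port 8883.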