CVE-2025-6072
📋 TL;DR
A stack-based buffer overflow in ABB RMC-100 and RMC-100 LITE devices allows attackers to execute arbitrary code by chaining CVE-2025-6074 with malformed JSON configuration data sent to the REST interface. This affects industrial control systems that run these ABB products on vulnerable firmware versions. Attackers need network access to exploit this vulnerability.
💻 Affected Systems
- ABB RMC-100
- ABB RMC-100 LITE
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full device compromise leading to arbitrary code execution, potential disruption of industrial processes, and lateral movement within the control network.
Likely Case
Device crash or denial of service affecting industrial operations, with potential for limited code execution in constrained environments.
If Mitigated
No impact if REST interface is disabled or network segmentation prevents access to vulnerable devices.
🎯 Exploit Status
Exploitation requires chaining with CVE-2025-6074 and network access to the control system. The buffer overflow occurs while the date of expiration field is processed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check ABB advisory for specific patched versions
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A3623&LanguageCode=en&DocumentPartId=PDF&Action=Launch
Restart Required: Yes
Instructions:
1. Download firmware update from ABB portal.
2. Follow ABB's firmware update procedure for RMC devices.
3. Verify successful update and restart device.
🔧 Temporary Workarounds
Disable REST Interface
Disable the REST interface if not required for operations
Configure via ABB device management interface to disable REST API
Network Segmentation
Isolate RMC devices in separate VLAN with strict access controls
Configure firewall rules to restrict access to RMC devices from authorized systems only
🧯 If You Can't Patch
- Implement strict network segmentation to isolate RMC devices from untrusted networks
- Deploy intrusion detection systems to monitor for exploitation attempts and buffer overflow patterns
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via ABB management interface and compare against vulnerable ranges
Check Version:
Use ABB device management tools or check device configuration interface
Verify Fix Applied:
Verify firmware version is outside vulnerable ranges and test REST interface functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual REST API requests
- Device crash/restart logs
- Buffer overflow error messages
Network Indicators:
- Malformed JSON requests to RMC REST endpoints
- Unusual traffic patterns to industrial control devices
SIEM Query:
source="rmc-device" AND (event="buffer_overflow" OR event="crash" OR http_request CONTAINS "date_of_expiration")
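The network indicator above (malformed JSON, or an abnormal date of expiration value, in requests to the RMC REST interface) can be checked on captured request bodies. This is an added example, not ABB's or this page's own tooling. It assumes the JSON key is `date_of_expiration` (the name used in the SIEM query above), that legitimate values are ISO 8601 dates, and that 32 characters is a sensible length ceiling; the sample bodies are constructed.

```python
import json
from datetime import datetime

FIELD = "date_of_expiration"  # assumed key name, taken from the SIEM query above
MAX_LEN = 32                  # assumed ceiling for a legitimate date string

def find_values(node, key):
    """Yield every value stored under `key` at any nesting depth."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def inspect_body(body):
    """Return a list of findings for one REST request body (bytes)."""
    try:
        doc = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):
        # Covers invalid UTF-8, truncated or broken JSON, and absurd nesting.
        return ["malformed JSON"]
    findings = []
    for value in find_values(doc, FIELD):
        if not isinstance(value, str):
            findings.append(f"{FIELD}: non-string value")
        elif len(value) > MAX_LEN:
            findings.append(f"{FIELD}: {len(value)} chars exceeds {MAX_LEN}")
        else:
            try:
                datetime.fromisoformat(value)
            except ValueError:
                findings.append(f"{FIELD}: not an ISO 8601 date")
    return findings

# Constructed sample request bodies (not captured from a real device).
SAMPLES = [
    b'{"user": {"name": "op1", "date_of_expiration": "2026-01-31"}}',
    b'{"user": {"name": "op2", "date_of_expiration": "' + b"9" * 300 + b'"}}',
    b'{"user": {"date_of_expiration": "2026-01-31"',
    b'{"users": [{"date_of_expiration": 20260131}]}',
]

if __name__ == "__main__":
    for i, body in enumerate(SAMPLES):
        print(i, inspect_body(body) or "ok")
```

Tune `FIELD` and `MAX_LEN` to the key name and date format your devices actually use before feeding findings into alerting.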