CVE-2025-6074
📋 TL;DR
A hard-coded cryptographic key vulnerability in ABB RMC-100 and RMC-100 LITE devices allows attackers to bypass REST interface authentication when the REST interface is enabled. This enables unauthorized access to MQTT configuration data. Affected users are those running vulnerable firmware versions with the REST interface enabled.
💻 Affected Systems
- ABB RMC-100
- ABB RMC-100 LITE
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control over MQTT configuration, potentially enabling man-in-the-middle attacks, data interception, or injection of malicious commands into industrial control systems.
Likely Case
Unauthorized access to MQTT configuration data, potentially exposing sensitive industrial control system information and enabling further reconnaissance.
If Mitigated
Limited impact if REST interface is disabled or network segmentation prevents attacker access to the control network.
🎯 Exploit Status
Exploitation requires: 1) REST interface enabled, 2) access to source code (to extract hard-coded key), 3) network access to device. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check ABB advisory for specific patched versions
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A3623&LanguageCode=en&DocumentPartId=PDF&Action=Launch
Restart Required: Yes
Instructions:
1. Download firmware update from ABB.
2. Follow ABB's firmware update procedure for RMC-100 devices.
3. Verify firmware version after update.
4. Restart device if required by update process.
🔧 Temporary Workarounds
Disable REST Interface
Disable the REST interface if not required for operations
Configure via device management interface to disable REST API
Network Segmentation
Isolate RMC-100 devices in separate network segments with strict access controls
Implement firewall rules to restrict access to RMC-100 devices
🧯 If You Can't Patch
- Disable REST interface immediately if not required
- Implement strict network segmentation and access controls to limit exposure
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via device management interface and verify if REST interface is enabled
Check Version:
Check via device web interface or management console for firmware version
Verify Fix Applied:
Verify firmware version is outside affected ranges and test REST interface authentication
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to REST interface
- Authentication bypass logs
- Unusual MQTT configuration changes
Network Indicators:
- Unusual REST API traffic patterns
- Unauthorized access to device REST endpoints
SIEM Query:
Search for authentication failures followed by successful REST API access on RMC-100 devices