1. EXECUTIVE SUMMARY
- CVSS v4 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: RMC-100
- Vulnerabilities: Use of Hard-coded Cryptographic Key, Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to the MQTT configuration data, cause a denial-of-service condition on the MQTT configuration web server (REST interface), or decrypt encrypted MQTT broker credentials.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
ABB reports the following versions of RMC-100 with the REST interface are affected. The vulnerabilities are only present when the REST interface is enabled. This interface is disabled by default:
- RMC-100: 2105457-043 through 2105457-045
- RMC-100 LITE: 2106229-015 through 2106229-016
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
When the REST interface is enabled by the user, and an attacker gains access to the source code and the control network, the attacker can bypass REST interface authentication and gain access to MQTT configuration data.
CVE-2025-6074 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
A CVSS v4 score has also been calculated for CVE-2025-6074. A base score of 6.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:P/PR
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: