CVE-2025-6071: CWE-321 Use of Hard-coded Cryptographic Key in ABB RMC-100
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.
AI Analysis
Technical Summary
CVE-2025-6071 is a vulnerability identified in ABB's RMC-100 and RMC-100 LITE devices, specifically affecting versions 2105457-043 through 2105457-045 for RMC-100 and 2106229-015 through 2106229-016 for RMC-100 LITE. The vulnerability is classified under CWE-321, which pertains to the use of hard-coded cryptographic keys. In this case, the devices use a hard-coded cryptographic key to protect MQTT (Message Queuing Telemetry Transport) communication data. An attacker who gains access to the salted information can leverage this vulnerability to decrypt MQTT messages, potentially exposing sensitive operational data transmitted between devices or systems. The vulnerability does not require authentication or user interaction and can be exploited remotely over the network, as indicated by the CVSS vector (AV:N/AC:L/AT:P/PR:N/UI:N). The CVSS score of 6.3 (medium severity) reflects the moderate impact and ease of exploitation. The use of hard-coded keys is a critical cryptographic weakness because it undermines the confidentiality of encrypted communications, allowing attackers to bypass encryption protections once the key is discovered or extracted. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to the confidentiality of MQTT communications in affected ABB devices, which are commonly used in industrial control and automation environments.
Potential Impact
For European organizations, especially those in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure, this vulnerability could lead to unauthorized disclosure of sensitive operational data transmitted via MQTT protocols. ABB's RMC-100 devices are often deployed in industrial automation and remote monitoring systems, meaning that exploitation could compromise the confidentiality of control commands, sensor data, or system status information. This exposure could facilitate further attacks such as industrial espionage, sabotage, or disruption of operational technology (OT) environments. The integrity and availability of systems are not directly impacted by this vulnerability, but the loss of confidentiality can have cascading effects on operational security and trustworthiness. Given the increasing reliance on IoT and IIoT devices in European industries, the vulnerability could affect supply chain security and compliance with data protection regulations such as GDPR if sensitive personal or operational data is exposed. The medium severity rating suggests a moderate but non-trivial risk that requires timely mitigation to prevent potential exploitation.
Mitigation Recommendations
To mitigate CVE-2025-6071, European organizations using ABB RMC-100 or RMC-100 LITE devices should:
1) Immediately check with ABB for firmware updates or patches addressing this vulnerability, as no patch links are currently provided but vendors typically release fixes post-disclosure.
2) If patches are unavailable, implement network segmentation to isolate affected devices from untrusted networks and limit MQTT traffic exposure.
3) Employ additional encryption layers or VPN tunnels for MQTT communications to compensate for the weak built-in cryptography.
4) Monitor network traffic for unusual MQTT message patterns or unauthorized access attempts to detect potential exploitation attempts.
5) Review and harden device configurations to disable unnecessary services and enforce strict access controls.
6) Engage with ABB support to confirm device versions and plan for device replacement if no remediation is feasible.
7) Incorporate this vulnerability into risk assessments and incident response plans to ensure preparedness.
These steps go beyond generic advice by focusing on compensating controls and vendor engagement specific to the affected industrial devices and communication protocols.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Poland, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2025-06-13T14:53:29.571Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6866b94b6f40f0eb7299875a
Added to database: 7/3/2025, 5:09:31 PM
Last enriched: 7/3/2025, 5:24:33 PM
Last updated: 7/3/2025, 7:02:05 PM