CVE-2025-6072: CWE-121 Stack-based Buffer Overflow in ABB RMC-100
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.
AI Analysis
Technical Summary
CVE-2025-6072 is a high-severity stack-based buffer overflow vulnerability affecting ABB's RMC-100 and RMC-100 LITE devices, specifically versions 2105457-043 through 2105457-045 for RMC-100 and 2106229-015 through 2106229-016 for RMC-100 LITE. The vulnerability arises when the REST interface is enabled by the user. An attacker who has gained access to the control network and has exploited a prerequisite vulnerability (CVE-2025-6074) can leverage this buffer overflow by manipulating the JSON configuration, specifically by overflowing the 'date of expiration' field. This overflow can lead to memory corruption, potentially allowing the attacker to execute arbitrary code or cause a denial of service. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue. The CVSS v4.0 base score is 8.2, reflecting a high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on availability. No known exploits are reported in the wild yet, but the combination of network accessibility and the potential for high impact makes this vulnerability critical to address promptly. The lack of available patches at the time of publication increases the urgency for mitigation through configuration and network controls.
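The defensive pattern for this class of bug, as an added example (not ABB firmware code and not part of the original advisory): validate a JSON string's length and format before any byte reaches a fixed-size stack buffer. The `YYYY-MM-DD` format, the buffer size and the names `copy_expiry` and `apply_expiry` are assumptions, since the advisory does not describe the field's real layout.

```c
#include <stddef.h>
#include <string.h>

/* Assumed for illustration: the field holds "YYYY-MM-DD" (10 chars + NUL).
 * The real field name, format and buffer size are not given in the advisory. */
#define EXPIRY_LEN 10
#define EXPIRY_BUF (EXPIRY_LEN + 1)

enum expiry_status { EXPIRY_OK = 0, EXPIRY_BAD_LENGTH, EXPIRY_BAD_FORMAT, EXPIRY_BAD_RANGE };

static int two_digits(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* CWE-121 arises from an unbounded copy (e.g. strcpy) into a fixed stack array.
 * Here value_len is the length reported by the JSON parser, and it is checked
 * before anything is written to dst. */
enum expiry_status copy_expiry(char dst[EXPIRY_BUF], const char *value, size_t value_len)
{
    if (value == NULL || value_len != EXPIRY_LEN)
        return EXPIRY_BAD_LENGTH;
    for (size_t i = 0; i < EXPIRY_LEN; i++) {
        if (i == 4 || i == 7) {
            if (value[i] != '-')
                return EXPIRY_BAD_FORMAT;
        } else if (value[i] < '0' || value[i] > '9') {
            return EXPIRY_BAD_FORMAT;
        }
    }
    int month = two_digits(value + 5);
    int day = two_digits(value + 8);
    if (month < 1 || month > 12 || day < 1 || day > 31)
        return EXPIRY_BAD_RANGE;
    memcpy(dst, value, EXPIRY_LEN);   /* exactly EXPIRY_LEN bytes, never more */
    dst[EXPIRY_LEN] = '\0';
    return EXPIRY_OK;
}

/* Caller owning the fixed stack buffer: returns the year on success, or a
 * negative status so the whole configuration request can be rejected. */
int apply_expiry(const char *json_value, size_t json_len)
{
    char expiry[EXPIRY_BUF];
    enum expiry_status st = copy_expiry(expiry, json_value, json_len);
    if (st != EXPIRY_OK)
        return -(int)st;
    return two_digits(expiry) * 100 + two_digits(expiry + 2);
}
```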
Potential Impact
For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities where ABB RMC-100 devices are commonly deployed for remote monitoring and control, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized control over industrial processes, disruption of operations, or even physical damage if safety systems are compromised. The high impact on availability could result in operational downtime, financial losses, and safety hazards. Furthermore, the ability to execute arbitrary code could allow attackers to establish persistent footholds within industrial control networks, facilitating further attacks or espionage. Given the interconnected nature of industrial systems in Europe and the increasing adoption of Industry 4.0 technologies, the ripple effects of such an exploit could extend beyond a single organization, potentially affecting supply chains and critical services.
Mitigation Recommendations
1. Immediately disable the REST interface on ABB RMC-100 and RMC-100 LITE devices if it is not strictly necessary, as this interface is a prerequisite for exploitation.
2. Restrict network access to the control network by implementing strict network segmentation and firewall rules, ensuring that only authorized management stations can communicate with RMC-100 devices.
3. Monitor network traffic for anomalous JSON configuration requests or unusual activity targeting the 'date of expiration' field.
4. Apply strict access controls and authentication mechanisms on the control network to prevent unauthorized access, even though the vulnerability itself does not require privileges.
5. Coordinate with ABB for timely release and deployment of official patches or firmware updates addressing CVE-2025-6072.
6. Conduct regular security assessments and penetration testing focused on industrial control systems to identify and remediate similar vulnerabilities proactively.
7. Implement intrusion detection/prevention systems (IDS/IPS) tailored for industrial protocols and REST API traffic to detect exploitation attempts.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Finland, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2025-06-13T14:53:31.753Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6866b5c76f40f0eb72995da4
Added to database: 7/3/2025, 4:54:31 PM
Last enriched: 7/3/2025, 5:09:52 PM
Last updated: 7/4/2025, 1:48:39 AM