CVE-2025-6072: CWE-121 Stack-based Buffer Overflow in ABB RMC-100
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.
AI Analysis
Technical Summary
CVE-2025-6072 is a high-severity stack-based buffer overflow vulnerability affecting ABB's RMC-100 and RMC-100 LITE devices, specifically versions 2105457-043 through 2105457-045 for RMC-100 and 2106229-015 through 2106229-016 for RMC-100 LITE. The vulnerability arises when the REST interface is enabled by the user. An attacker who has gained access to the control network and has exploited a prerequisite vulnerability (CVE-2025-6074) can leverage this buffer overflow by manipulating the JSON configuration, specifically by overflowing the 'date of expiration' field. This overflow can lead to memory corruption, potentially allowing the attacker to execute arbitrary code or cause a denial of service. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue. The CVSS v4.0 base score is 8.2, reflecting a high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on availability. No known exploits are reported in the wild yet, but the combination of network accessibility and the potential for high impact makes this vulnerability critical to address promptly. The lack of available patches at the time of publication increases the urgency for mitigation through configuration and network controls.
Potential Impact
For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities where ABB RMC-100 devices are commonly deployed for remote monitoring and control, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized control over industrial processes, disruption of operations, or even physical damage if safety systems are compromised. The high impact on availability could result in operational downtime, financial losses, and safety hazards. Furthermore, the ability to execute arbitrary code could allow attackers to establish persistent footholds within industrial control networks, facilitating further attacks or espionage. Given the interconnected nature of industrial systems in Europe and the increasing adoption of Industry 4.0 technologies, the ripple effects of such an exploit could extend beyond a single organization, potentially affecting supply chains and critical services.
Mitigation Recommendations
1. Immediately disable the REST interface on ABB RMC-100 and RMC-100 LITE devices if it is not strictly necessary, as this interface is a prerequisite for exploitation.
2. Restrict network access to the control network by implementing strict network segmentation and firewall rules, ensuring that only authorized management stations can communicate with RMC-100 devices.
3. Monitor network traffic for anomalous JSON configuration requests or unusual activity targeting the 'date of expiration' field.
4. Apply strict access controls and authentication mechanisms on the control network to prevent unauthorized access, even though the vulnerability itself does not require privileges.
5. Coordinate with ABB for timely release and deployment of official patches or firmware updates addressing CVE-2025-6072.
6. Conduct regular security assessments and penetration testing focused on industrial control systems to identify and remediate similar vulnerabilities proactively.
7. Implement intrusion detection/prevention systems (IDS/IPS) tailored for industrial protocols and REST API traffic to detect exploitation attempts.
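The monitoring step in recommendation 3 can be sketched as a check over captured JSON request bodies. This is an added example, not ABB code or part of the original analysis. The key-name pattern, the 32-character limit and the date shape are assumptions, because the advisory does not publish the field's JSON name or its buffer size.

```python
import json
import re

# Assumptions, not taken from the advisory: key pattern, length limit, date shape.
EXPIRY_KEY = re.compile(r"expir", re.IGNORECASE)
MAX_DATE_LEN = 32
DATE_SHAPE = re.compile(r"\d{4}-\d{2}-\d{2}([T ][0-9:.+\-Z]+)?")


def walk(node, path=""):
    """Yield (path, key, value) for every key/value pair at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            yield child, key, value
            yield from walk(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def inspect_config_body(body):
    """Return a list of findings for one captured JSON request body."""
    try:
        doc = json.loads(body)
    except (ValueError, RecursionError):
        return ["body is not valid JSON"]
    findings = []
    for path, key, value in walk(doc):
        if not EXPIRY_KEY.search(key):
            continue
        if not isinstance(value, str):
            findings.append(f"{path}: expected string, got {type(value).__name__}")
        elif len(value) > MAX_DATE_LEN:
            findings.append(f"{path}: {len(value)} chars exceeds {MAX_DATE_LEN}")
        elif not DATE_SHAPE.fullmatch(value):
            findings.append(f"{path}: value is not date-shaped")
    return findings


# Constructed sample bodies, not captured from a real device.
SAMPLES = {
    "normal": '{"license": {"expirationDate": "2026-01-31"}}',
    "oversized": json.dumps({"license": {"expirationDate": "9" * 300}}),
    "wrong_type": '{"users": [{"expiry": ["2026-01-31"]}]}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_config_body(body))
```

Tune the key pattern and length limit against a baseline of legitimate configuration traffic before alerting on the findings.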
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Finland, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2025-06-13T14:53:31.753Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6866b5c76f40f0eb72995da4
Added to database: 7/3/2025, 4:54:31 PM
Last enriched: 7/3/2025, 5:09:52 PM
Last updated: 1/7/2026, 6:08:16 AM