
CVE-2025-6073: CWE-121 Stack-based Buffer Overflow in ABB RMC-100

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-6073, cwe-121
Published: Thu Jul 03 2025 (07/03/2025, 16:49:24 UTC)
Source: CVE Database V5
Vendor/Project: ABB
Product: RMC-100

Description

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer for username or password. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

AI-Powered Analysis

Last updated: 07/03/2025, 17:09:33 UTC

Technical Analysis

CVE-2025-6073 is a high-severity stack-based buffer overflow vulnerability (CWE-121) affecting ABB's RMC-100 and RMC-100 LITE products, specifically versions 2105457-043 through 2105457-045 for RMC-100 and 2106229-015 through 2106229-016 for RMC-100 LITE. The vulnerability arises when the REST interface is enabled by the user, and user/password broker authentication is also enabled. An attacker who has gained access to the control network and has exploited CVE-2025-6074 can trigger a buffer overflow by sending crafted username or password inputs. This overflow can corrupt the stack, potentially leading to arbitrary code execution or denial of service. The vulnerability does not require prior authentication or user interaction, and the attack vector is network-based, making it remotely exploitable. The CVSS 4.0 score is 8.2, reflecting high severity due to the ease of exploitation and the potential for significant impact on confidentiality, integrity, and availability. The lack of known exploits in the wild suggests it is a recently disclosed vulnerability, but the critical nature of the affected systems—industrial control devices—makes it a serious concern for operational technology environments.

Potential Impact

For European organizations, especially those operating in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure, this vulnerability poses a significant risk. ABB's RMC-100 series devices are used for remote monitoring and control in industrial automation systems. Exploitation could allow attackers to disrupt industrial processes, cause equipment malfunctions, or gain persistent unauthorized access to control networks. This could lead to operational downtime, safety hazards, data breaches, and financial losses. Given the critical role of industrial control systems in European economies and infrastructure, successful exploitation could have cascading effects on supply chains and public safety. Furthermore, the vulnerability's network-based nature means that attackers who have penetrated the control network perimeter could leverage this flaw to escalate privileges or move laterally within the network.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first ensure that the REST interface is disabled if not explicitly required, reducing the attack surface. Where the REST interface and user/password broker authentication are necessary, strict network segmentation should be enforced to limit access to the control network only to trusted entities. Implementing robust intrusion detection and prevention systems tailored for industrial control networks can help detect anomalous authentication attempts or buffer overflow exploit attempts. Organizations should monitor for updates or patches from ABB and apply them promptly once available. In the interim, applying compensating controls such as strict access control lists (ACLs), multi-factor authentication on management interfaces, and continuous network monitoring is critical. Additionally, conducting regular security assessments and penetration testing focused on industrial control systems can help identify and remediate related vulnerabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: ABB
Date Reserved: 2025-06-13T14:53:34.829Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6866b5c76f40f0eb72995da7

Added to database: 7/3/2025, 4:54:31 PM

Last enriched: 7/3/2025, 5:09:33 PM

Last updated: 7/7/2025, 8:57:25 PM
