CVE-2025-6074 is a medium severity vulnerability affecting ABB's RMC-100 and RMC-100 LITE devices, specifically versions 2105457-043 through 2105457-045 for RMC-100 and 2106229-015 through 2106229-016 for RMC-100 LITE. The vulnerability arises from the use of a hard-coded cryptographic key (CWE-321) embedded within the device's firmware or software. When the REST interface is enabled by the user, an attacker who has obtained access to the source code and the control network can exploit this flaw to bypass REST interface authentication mechanisms. This unauthorized access allows the attacker to retrieve MQTT configuration data, which could include sensitive information related to messaging and device control. The vulnerability does not require user interaction, can be exploited remotely over the network (AV:N), and does not require privileges or authentication (PR:N, AT:P). The CVSS 4.0 base score is 6.3, reflecting a medium severity level. The vulnerability impacts confidentiality and integrity to a limited extent (VC:L, VI:L) but does not affect availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The issue is critical in environments where these ABB devices are used to manage industrial control systems or critical infrastructure, as unauthorized access to MQTT configurations could facilitate further attacks or disruption.

For European organizations, especially those in industrial sectors such as energy, manufacturing, and utilities where ABB RMC-100 devices are deployed, this vulnerability poses a significant risk. Unauthorized access to MQTT configuration data could enable attackers to manipulate messaging protocols, potentially leading to unauthorized command execution, data leakage, or disruption of industrial processes. Given the role of ABB devices in critical infrastructure, exploitation could undermine operational integrity and safety. The requirement for network access and source code exposure suggests that internal threat actors or attackers who have already penetrated the network perimeter pose the greatest risk. However, the lack of authentication and user interaction requirements increases the attack surface. European organizations with interconnected industrial control systems (ICS) and operational technology (OT) environments are particularly vulnerable, as these systems often have long lifecycles and may not be regularly updated. The medium severity rating indicates a moderate but non-negligible threat that should be addressed promptly to prevent escalation.

1. Disable the REST interface on ABB RMC-100 and RMC-100 LITE devices if it is not strictly necessary, reducing the attack surface. 2. Restrict network access to the control network segment where these devices reside using network segmentation and strict firewall rules to limit exposure to trusted hosts only. 3. Monitor network traffic for unusual MQTT-related activity or unauthorized REST API calls to detect potential exploitation attempts early. 4. Conduct a thorough code and configuration audit to identify any exposure of hard-coded keys and replace or obfuscate them where possible. 5. Implement strict access controls and logging on the control network to detect and respond to unauthorized access attempts. 6. Coordinate with ABB for firmware updates or patches addressing this vulnerability and plan timely deployment once available. 7. Educate internal teams about the risks of exposing source code and control networks to unauthorized personnel to prevent insider threats. 8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tailored for ICS/OT environments to detect exploitation attempts targeting this vulnerability.