CVE-2025-6074: CWE-321 Use of Hard-coded Cryptographic Key in ABB RMC-100

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-6074, cwe-321
Published: Thu Jul 03 2025 (07/03/2025, 16:46:11 UTC)
Source: CVE Database V5
Vendor/Project: ABB
Product: RMC-100

Description

Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

AI-Powered Analysis

Last updated: 07/03/2025, 17:10:27 UTC

Technical Analysis

CVE-2025-6074 is a medium severity vulnerability affecting ABB's RMC-100 and RMC-100 LITE devices, specifically versions 2105457-043 through 2105457-045 for RMC-100 and 2106229-015 through 2106229-016 for RMC-100 LITE. The vulnerability arises from the use of a hard-coded cryptographic key (CWE-321) embedded within the device's firmware or software. When the REST interface is enabled by the user, an attacker who has obtained access to the source code and the control network can exploit this flaw to bypass REST interface authentication mechanisms. This unauthorized access allows the attacker to retrieve MQTT configuration data, which could include sensitive information related to messaging and device control. The vulnerability does not require user interaction, can be exploited remotely over the network (AV:N), and does not require privileges or authentication (PR:N). The vector also records that attack requirements are present (AT:P), which matches the prerequisite access to the source code and the control network. The CVSS 4.0 base score is 6.3, reflecting a medium severity level. The vulnerability impacts confidentiality and integrity to a limited extent (VC:L, VI:L) but does not affect availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The issue is critical in environments where these ABB devices are used to manage industrial control systems or critical infrastructure, as unauthorized access to MQTT configurations could facilitate further attacks or disruption.

Potential Impact

For European organizations, especially those in industrial sectors such as energy, manufacturing, and utilities where ABB RMC-100 devices are deployed, this vulnerability poses a significant risk. Unauthorized access to MQTT configuration data could enable attackers to manipulate messaging protocols, potentially leading to unauthorized command execution, data leakage, or disruption of industrial processes. Given the role of ABB devices in critical infrastructure, exploitation could undermine operational integrity and safety. The requirement for network access and source code exposure suggests that internal threat actors or attackers who have already penetrated the network perimeter pose the greatest risk. However, the lack of authentication and user interaction requirements increases the attack surface. European organizations with interconnected industrial control systems (ICS) and operational technology (OT) environments are particularly vulnerable, as these systems often have long lifecycles and may not be regularly updated. The medium severity rating indicates a moderate but non-negligible threat that should be addressed promptly to prevent escalation.

Mitigation Recommendations

1. Disable the REST interface on ABB RMC-100 and RMC-100 LITE devices if it is not strictly necessary, reducing the attack surface.
2. Restrict network access to the control network segment where these devices reside using network segmentation and strict firewall rules to limit exposure to trusted hosts only.
3. Monitor network traffic for unusual MQTT-related activity or unauthorized REST API calls to detect potential exploitation attempts early.
4. Conduct a thorough code and configuration audit to identify any exposure of hard-coded keys and replace or obfuscate them where possible.
5. Implement strict access controls and logging on the control network to detect and respond to unauthorized access attempts.
6. Coordinate with ABB for firmware updates or patches addressing this vulnerability and plan timely deployment once available.
7. Educate internal teams about the risks of exposing source code and control networks to unauthorized personnel to prevent insider threats.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tailored for ICS/OT environments to detect exploitation attempts targeting this vulnerability.
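For the code audit in recommendation 4, the sketch below flags source lines that look like embedded key material (CWE-321). It is an added example, not ABB's code or part of the advisory; the matching rules, the entropy threshold and every identifier in the sample are assumptions made up for illustration.

```python
import math
import re

# Heuristics below are assumptions for illustration, not taken from the advisory.
KEY_NAME = re.compile(r"(?i)\b\w*(key|secret|hmac|aes|token|passw)\w*\b")
# Quoted literal of 16+ hex/base64-style characters on the right of '=' or ':'
LITERAL = re.compile(r"""[=:]\s*["']([A-Za-z0-9+/=_-]{16,})["']""")
# C-style byte-array initialiser with at least 16 elements (128 bits)
BYTE_ARRAY = re.compile(r"\{\s*(?:0x[0-9A-Fa-f]{2}\s*,\s*){15,}0x[0-9A-Fa-f]{2}\s*\}")
PEM = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")


def shannon_entropy(s):
    """Bits per character; random key material scores higher than words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def scan_source(text, min_entropy=3.5):
    """Return (line_number, rule) for each line that looks like embedded key material."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        named = KEY_NAME.search(line) is not None
        literal = LITERAL.search(line)
        if PEM.search(line):
            findings.append((lineno, "pem-private-key"))
        elif named and BYTE_ARRAY.search(line):
            findings.append((lineno, "byte-array-key"))
        elif named and literal and shannon_entropy(literal.group(1)) >= min_entropy:
            findings.append((lineno, "high-entropy-literal"))
    return findings


# Constructed sample source; every identifier and value here is made up.
SAMPLE = '''\
static const uint8_t rest_auth_key[16] = {0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x60, 0x1f, 0xa3, 0x76, 0xc9, 0x2e, 0x84, 0xd5, 0x0b};
const char *api_secret = "k9Qz7LmX2pVb8RtYw4Ns";
static const char tls_key[] = "-----BEGIN EC PRIVATE KEY-----";
const char *key_help = "REST authentication key";
const char *mqtt_topic = "site/unit/telemetry";
key = load_key_from_secure_store(device_id);
'''

if __name__ == "__main__":
    for lineno, rule in scan_source(SAMPLE):
        print(f"line {lineno}: {rule}")
```

Findings are candidates for manual review: low-entropy defaults and keys assembled at run time are not caught by these rules.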

Technical Details

Data Version: 5.1
Assigner Short Name: ABB
Date Reserved: 2025-06-13T14:53:36.691Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6866b5c76f40f0eb72995daa

Added to database: 7/3/2025, 4:54:31 PM

Last enriched: 7/3/2025, 5:10:27 PM

Last updated: 7/3/2025, 8:30:02 PM
