We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-6071

Hard Coded Key used for AES encryption



Description

Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

Reserved 2025-06-13 | Published 2025-07-03 | Updated 2025-07-03 | Assigner ABB


MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status
unaffected

2105457-043
affected

Default status
unaffected

2106229-015
affected

Credits

ABB thanks Claroty Team82 Research for helping to identify the vulnerabilities and protecting our customers finder

References

search.abb.com/...geCode=en&DocumentPartId=PDF&Action=Launch

cve.org (CVE-2025-6071)

nvd.nist.gov (CVE-2025-6071)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-6071

Support options

Helpdesk Chat, Email, Knowledgebase