
THREATINT
PUBLISHED

CVE-2025-6074

Authentication Bypass to the MQTT configuration Web Interface



Description

Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.

Reserved 2025-06-13 | Published 2025-07-03 | Updated 2025-07-03 | Assigner ABB


MEDIUM: 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status: unaffected
2105457-043: affected

Default status: unaffected
2106229-015: affected

Credits

ABB thanks Claroty Team82 Research for helping to identify the vulnerabilities and protecting our customers (finder)

References

search.abb.com/...geCode=en&DocumentPartId=PDF&Action=Launch

cve.org (CVE-2025-6074)

nvd.nist.gov (CVE-2025-6074)
