Main Vulnerability Database Vulnerabilities #VU112990

#VU112990 Use of hard-coded cryptographic key in RMC-100 and RMC-100 LITE - CVE-2025-6074

Published: July 16, 2025

Vulnerability identifier: #VU112990

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-6074

CWE-ID: CWE-321

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
RMC-100
RMC-100 LITE

Software vendor:
ABB

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of hard-coded cryptographic key. A remote attacker can bypass REST interface authentication and gain access to MQTT configuration data.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A3623&LanguageCode=en&DocumentPartId=PDF&Action=Launch
https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-02

#VU112990 Use of hard-coded cryptographic key in RMC-100 and RMC-100 LITE - CVE-2025-6074

Description

Remediation

External links

Please verify you're human