PT-2025-27818 · Abb · Abb Rmc-100+1

Published: 2025-07-03 · Updated: 2025-07-15 · CVE-2025-6074

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
ABB RMC-100 versions 2105457-043 through 2105457-045
ABB RMC-100 LITE versions 2106229-015 through 2106229-016
Description: The issue is related to the use of a hard-coded cryptographic key. When the REST interface is enabled and an attacker gains access to the source code and control network, they can bypass the REST interface authentication and gain access to MQTT configuration data.
Recommendations: For ABB RMC-100 versions 2105457-043 through 2105457-045, consider disabling the REST interface until a patch is available to prevent exploitation. For ABB RMC-100 LITE versions 2106229-015 through 2106229-016, restrict access to the MQTT configuration data to minimize the risk of unauthorized access. As a temporary workaround, consider restricting network access to the affected devices until a fix is provided.

Related Identifiers

BDU:2025-08251
CVE-2025-6074

Affected Products

Abb Rmc-100
Abb Rmc-100 Lite