CVE-2025-6074
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-07-08

Assigner: Asea Brown Boveri Ltd. (ABB)

Description
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.
Meta Information
Published: 2025-07-03
Last Modified: 2025-07-08
Generated: 2026-05-07
AI Q&A: 2025-07-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE-321: The product uses a hard-coded, unchangeable cryptographic key.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Use of Hard-coded Cryptographic Key issue in ABB RMC-100 and ABB RMC-100 LITE devices. When the REST interface is enabled, an attacker who gains access to the source code and control network can bypass the REST interface authentication and access MQTT configuration data.


How can this vulnerability impact me?

An attacker exploiting this vulnerability can bypass authentication on the REST interface and gain unauthorized access to MQTT configuration data, potentially leading to unauthorized control or information disclosure within the affected devices.

