Hard-coded Cryptographic Key Vulnerability in ABB RMC-100 and RMC-100 LITE
CVE-2025-6071
6.3 MEDIUM
What is CVE-2025-6071?
Hard-coded cryptographic keys are embedded in ABB RMC-100 and RMC-100 LITE devices. An attacker can exploit these keys to gain unauthorized access to encrypted MQTT messages. The affected versions of RMC-100 range from 2105457-043 to 2105457-045, and for RMC-100 LITE, from 2106229-015 to 2106229-016. Addressing this flaw is crucial for maintaining the security of communication within these industrial control systems.
Affected Version(s)
RMC-100: 2105457-043 to 2105457-045
RMC-100 LITE: 2106229-015 to 2106229-016
References
CVSS V4
Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB thanks Claroty Team82 Research for helping to identify the vulnerabilities and protecting our customers.