OTPulse
FeedAboutContact

RMC - 100 Vulnerabilities in web UI (REST Interface)

Plan Patch7.59akk108471a3623Jul 3, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

ABB RMC-100 and RMC-100 LITE contain multiple vulnerabilities in the web UI REST interface that allow unauthenticated attackers to access MQTT configuration data (CVE-2025-6074), cause denial of service on the MQTT configuration web server (CVE-2025-6073, CVE-2025-6072), and decrypt stored MQTT broker credentials (CVE-2025-6071).

What this means
What could happen
An attacker could cause the MQTT configuration web server to become unavailable, access MQTT configuration data without authentication, or decrypt stored MQTT broker credentials. This could disrupt remote monitoring and control capabilities or expose credentials used for building automation and device communication.
Who's at risk
Building automation and remote monitoring operators using ABB RMC-100 or RMC-100 LITE devices should care. These devices are typically used in HVAC, building energy management, and distributed control applications where MQTT is used for telemetry and command communication.
How it could be exploited
An attacker on the network could send crafted requests to the REST interface of the RMC-100 web UI to trigger a denial of service condition, retrieve MQTT configuration data without credentials, or extract and decrypt the MQTT broker credentials stored in the device configuration.
Prerequisites
  • Network access to the RMC-100 web UI (REST interface)
  • No authentication required for some vulnerabilities (CVE-2025-6074, CVE-2025-6073, CVE-2025-6072)
  • Device must have MQTT broker credentials configured to exploit credential decryption (CVE-2025-6071)
remotely exploitableno authentication required (multiple CVEs)low complexityaffects device configuration and credentialsdenial of service capability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
RMC-100≥ 2105457-043|≤ 2105457-0452105457-046
RMC-100 LITE≥ 2106229-015|≤ 2106229-0162106229-018
Remediation & Mitigation
0/4
Do now
0/1
RMC-100
HARDENINGRestrict network access to the RMC-100 web UI (REST interface) using firewall rules—only allow connections from authorized engineering workstations and management systems
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

RMC-100
HOTFIXUpdate RMC-100 to firmware version 2105457-046 or later
HOTFIXUpdate RMC-100 LITE to firmware version 2106229-018 or later
All products
HARDENINGRotate MQTT broker credentials after patching
View full ABB PSIRT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/338b2f21-1143-449b-9381-f81d83e13180
RMC - 100 Vulnerabilities in web UI (REST Interface) | CVSS 7.5 - OTPulse