ABB RMC-100

Plan PatchCVSS 8.7ICS-CERT ICSA-25-084-01Mar 11, 2025

ABBManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ABB RMC-100 and RMC-100 LITE remote management controllers contain a denial of service (DoS) vulnerability in the web UI. An attacker who can reach the device on the network can send a specially crafted message that causes the web interface to become temporarily unresponsive. The REST interface is disabled by default, but if enabled for MQTT configuration, the device becomes vulnerable. Recovery requires restarting the interface.

What this means

What could happen

An attacker on your network could temporarily disable the web management interface of the RMC-100, preventing administrators from viewing status or making configuration changes until the interface is restarted. This could delay response to process issues or configuration updates.

Who's at risk

Manufacturing facilities using ABB RMC-100 or RMC-100 LITE remote management controllers as part of MQTT-based automation or monitoring systems. The vulnerability affects units in the version ranges 2105457-036 through 2105457-043 (RMC-100) and 2106229-010 through 2106229-015 (RMC-100 LITE).

How it could be exploited

An attacker with network access to the RMC-100 (on your control network) sends a specially crafted message to the REST API endpoint. If the REST interface is enabled, the request causes the web UI to become unresponsive. The attacker does not need credentials, but does need to be able to reach the device on the network.

Prerequisites

Network access to the RMC-100 on port 80 or 443 (typically available only on private control networks)
REST interface must be enabled (disabled by default, so only at risk if administrator enabled it for MQTT configuration)

remotely exploitableno authentication requiredlow complexitydefault configuration is safe

Exploitability

Some exploitation risk — EPSS score 1.5%

Public Proof-of-Concept (PoC) on GitHub (1 repository)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

RMC-100 (2105457-036 to 2105457-044)≥ 2105457-036|<2105457-0442105452-048

RMC-100 LITE (2106229-010 to 2106229-016)≥ 2106229-010|<2106229-0162106260-017

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDisable the REST interface if it is not currently in use for MQTT configuration

HARDENINGRestrict network access to the RMC-100 web interface using firewall rules to allow only trusted engineering workstations or SCADA networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RMC-100 Customer Package to version 2105452-048 or later

HOTFIXUpdate RMC-100 LITE Customer Package to version 2106260-017 or later

Long-term hardening

0/1

HARDENINGEnsure RMC-100 devices are not accessible from office networks, the Internet, or untrusted networks; deploy on isolated control network segments only

CVEs (1)

CVE-2022-24999

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b91a68d8-f5cd-47b5-b2bf-35ef34723406

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.