OTPulse
FeedAboutContact

ABB RMC-100

Plan Patch8.7ICS-CERT ICSA-25-084-01Mar 25, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The RMC-100 and RMC-100 LITE relay controllers contain a vulnerability in the REST interface that allows an unauthenticated attacker to trigger a denial of service. An attacker who can reach the device on the control network can send a specially crafted message to the web UI, causing it to become unresponsive until manually restarted. This affects RMC-100 versions 2105457-036 through 2105457-043 and RMC-100 LITE versions 2106229-010 through 2106229-015. The REST interface is disabled by default, so risk is minimal unless explicitly enabled for MQTT configuration. The device is not intended for internet exposure.

What this means
What could happen
An attacker on your control network could send a malformed message to the RMC-100 web interface, causing it to become unresponsive and require manual restart. This temporarily disables remote monitoring and configuration of the relay controller.
Who's at risk
Manufacturing facilities using ABB RMC-100 relay controllers for power monitoring and automation, especially those with MQTT integration enabled. Both the standard RMC-100 and RMC-100 LITE models are affected.
How it could be exploited
An attacker with network access to the RMC-100 REST interface (disabled by default but enabled if you are using MQTT configuration) sends a specially crafted message to the web UI. The message triggers a crash or hang that persists until the device is manually restarted.
Prerequisites
  • Network access to the RMC-100 device on your control network
  • REST interface must be enabled (it is disabled by default)
  • No authentication required to send the malformed message
remotely exploitable on control networkno authentication requiredlow complexity attackdenial of service impactREST interface disabled by default reduces risk
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
RMC-100 (2105457-036 to 2105457-044)≥ 2105457-036|<2105457-0442105452-048
RMC-100 LITE (2106229-010 to 2106229-016)≥ 2106229-010|<2106229-0162106260-017
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDDisable the REST interface when not actively configuring MQTT functionality
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RMC-100 to firmware 2105452-048 or later
HOTFIXUpdate RMC-100 LITE to firmware 2106260-017 or later
Long-term hardening
0/1
HARDENINGEnsure network segmentation: isolate the RMC-100 and control network behind firewalls, separate from office networks and internet access
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/b91a68d8-f5cd-47b5-b2bf-35ef34723406
ABB RMC-100 | CVSS 8.7 - OTPulse