ABB RMC-100

Plan Patch8.2ICS-CERT ICSA-25-196-02Jul 15, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The RMC-100 and RMC-100 LITE controllers contain multiple vulnerabilities in their REST API interface for MQTT configuration. An unauthenticated attacker can access MQTT configuration data, cause denial-of-service on the REST web server, or decrypt stored MQTT broker credentials. The vulnerabilities exist in firmware versions RMC-100 >=2105457-043 through <=2105457-045 and RMC-100 LITE >=2106229-015 through <=2106229-016. No vendor patch is available for these products.

What this means

What could happen

An attacker with access to your control network could read MQTT configuration data, crash the REST web interface, or decrypt stored broker credentials without authentication. This could lead to unauthorized changes to process automation or loss of connectivity to messaging systems.

Who's at risk

Manufacturing facilities using ABB RMC-100 or RMC-100 LITE controllers for MQTT-based process automation and messaging should be concerned. These devices are typically used in distributed control networks to manage industrial processes like production scheduling, data collection, and system integration.

How it could be exploited

An attacker on your internal control network can send unauthenticated requests to the REST interface to read configuration files, cause the web server to stop responding, or decrypt MQTT broker passwords stored on the RMC-100 device. No credentials or special knowledge of your system configuration is required.

Prerequisites

Access to the RMC-100 device over your internal control network (port/protocol not specified in advisory)
REST interface enabled on the device (enabled by default)
Network connectivity from attacker's machine to the RMC-100

No authentication requiredRemotely exploitable over local networkLow complexity attackNo patch availableAffects process control and messaging systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

RMC-100: >=2105457-043|<=2105457-045≥ 2105457-043|≤ 2105457-045No fix (EOL)

RMC-100 LITE: >=2106229-015|<=2106229-016≥ 2106229-015|≤ 2106229-016No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDisable the REST interface on RMC-100 devices when MQTT configuration is not actively being performed.

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: RMC-100: >=2105457-043|<=2105457-045, RMC-100 LITE: >=2106229-015|<=2106229-016. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate the RMC-100 and control network from office/business networks and the Internet.

HARDENINGRestrict network access to the RMC-100 at the firewall level to only authorized configuration and control systems.

HARDENINGInstall physical access controls to prevent unauthorized personnel from directly connecting to control network devices.

CVEs (4)

CVE-2025-6074 CVE-2025-6073 CVE-2025-6072 CVE-2025-6071

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6d5edc7f-17ff-4623-9f40-a86fa3fb574c