PatchSiren cyber security CVE debrief
CVE-2025-6071 ABB CVE debrief
CVE-2025-6071 is a medium-severity confidentiality issue affecting ABB RMC-100 and RMC-100 LITE. According to the CISA CSAF advisory, an attacker may gain access to salted information and use it to decrypt MQTT information. ABB and CISA list fixed releases for the affected product lines, and the advisory was later republished with updated vendor information.
- Vendor
- ABB
- Product
- RMC-100
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-07-03
- Original CVE updated
- 2026-05-14
- Advisory published
- 2025-07-03
- Advisory updated
- 2026-05-14
Who should care
Industrial control system operators using ABB RMC-100 or RMC-100 LITE, especially teams that manage device firmware, MQTT-connected deployments, and OT network segmentation.
Technical summary
CISA’s advisory for ICSA-25-196-02 identifies affected ABB RMC-100 versions 2105457-043 through 2105457-045 and RMC-100 LITE versions 2106229-015 through 2106229-016. The issue is rated CVSS 3.1 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating network exposure with low confidentiality impact and no integrity or availability impact listed in the vector. The remediation listed by ABB is RMC-100 version 2105457-046 and RMC-100 LITE version 2106229-018. The source timeline shows an initial publication on 2025-07-03 and a later CISA republication update on 2026-05-14 based on ABB’s advisory.
Defensive priority
Medium. The issue is remotely reachable and affects OT equipment, but the published impact is limited to confidentiality. Patch planning should still be prompt for any exposed or MQTT-dependent deployments.
Recommended defensive actions
- Upgrade ABB RMC-100 to version 2105457-046 or later.
- Upgrade ABB RMC-100 LITE to version 2106229-018 or later.
- Inventory deployed RMC-100 and RMC-100 LITE units to confirm whether affected build ranges are present.
- Prioritize remediation on systems that exchange MQTT data or are reachable from less-trusted network segments.
- Review OT network segmentation and access controls around devices that handle MQTT traffic.
- Use the vendor and CISA advisory references to verify package versions before and after maintenance windows.
Evidence notes
Source evidence comes from the CISA CSAF advisory ICSA-25-196-02 for ABB RMC-100, with supporting ABB advisory references and official CVE/NVD records. The advisory states the issue is that an attacker can gain access to salted information to decrypt MQTT information. CISA metadata lists affected product versions as RMC-100 2105457-043 through 2105457-045 and RMC-100 LITE 2106229-015 through 2106229-016, with fixes in 2105457-046 and 2106229-018. The CVSS vector supplied in the source is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The advisory was first published on 2025-07-03 and republished with an update on 2026-05-14. No KEV listing or ransomware campaign association is indicated in the supplied corpus.
Official resources
-
CVE-2025-6071 CVE record
CVE.org
-
CVE-2025-6071 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed through CISA and ABB advisory channels on 2025-07-03, with a later CISA republication update on 2026-05-14 based on ABB’s advisory.