CVE-2025-6072 ABB CVE debrief

Who should care

ABB RMC-100 and RMC-100 LITE owners, OT/ICS operators, plant engineering teams, and security administrators responsible for control-network segmentation and REST interface exposure should review this issue. Priority is highest for environments that have the REST interface enabled or any control-network path accessible to untrusted users.

Technical summary

The CISA/ABB advisory describes an attack chain, not a standalone issue: CVE-2025-6072 becomes relevant when the device REST interface is enabled and an attacker can access the control network, while CVE-2025-6074 is also exploited. Under those conditions, crafted JSON configuration content can overflow the expiration-date field. The advisory assigns CVSS 3.1 7.5 (HIGH) with availability impact only, and lists fixed versions for both affected product lines.

Defensive priority

High

Recommended defensive actions

• Upgrade affected ABB RMC-100 systems to version 2105457-046 or later.
• Upgrade affected ABB RMC-100 LITE systems to version 2106229-018 or later.
• Disable the REST interface unless it is operationally required.
• Restrict and segment access to the control network so only authorized engineering systems can reach the devices.
• Review exposure of JSON-based management/configuration workflows and limit access to trusted administrators only.
• Use CISA and ABB advisory guidance to confirm affected version ranges before scheduling remediation.

Evidence notes

This debrief is based only on the supplied CISA CSAF source item and the linked official advisory records. The advisory was published on 2025-07-03 and updated on 2026-05-14. It states that the issue affects ABB RMC-100 versions 2105457-043 through 2105457-045 and ABB RMC-100 LITE versions 2106229-015 through 2106229-016, with fixes in RMC-100 2105457-046 and RMC-100 LITE 2106229-018. The description explicitly requires the REST interface to be enabled, attacker access to the control network, and exploitation of CVE-2025-6074.

Official resources