PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-6074 ABB CVE debrief

CVE-2025-6074 is a medium-severity ABB RMC-100 issue involving a REST interface authentication bypass. According to the advisory, the risk applies when the REST interface is enabled by the user and an attacker has access to the source code and control network. In that scenario, the attacker may bypass REST authentication and access MQTT configuration data. ABB’s fixes are available in RMC-100 version 2105457-046 and RMC-100 LITE version 2106229-018. The advisory was published on 2025-07-03 and later republished on 2026-05-14 with an update based on ABB guidance.

Vendor: ABB
Product: RMC-100
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-07-03
Original CVE updated: 2026-05-14
Advisory published: 2025-07-03
Advisory updated: 2026-05-14

Who should care

ABB RMC-100 and RMC-100 LITE operators, industrial control system administrators, and defenders responsible for network segmentation and access control around OT management interfaces—especially environments that enable the REST interface.

Technical summary

The advisory describes an authentication bypass in the REST interface of ABB RMC-100 and RMC-100 LITE. The stated preconditions are that the REST interface is enabled by the user and the attacker has access to source code and the control network. If those conditions are met, the attacker can bypass REST authentication and obtain MQTT configuration data. The advisory lists CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N with a score of 6.5 (Medium). Affected versions are RMC-100 2105457-043 through 2105457-045 and RMC-100 LITE 2106229-015 through 2106229-016; fixed versions are 2105457-046 and 2106229-018.

Defensive priority

Medium. Patch planning should be prompt for any exposed or operationally reachable affected device, because the issue affects authentication boundaries and configuration confidentiality. Systems with enabled REST access or weak OT network segmentation should be prioritized first.

Recommended defensive actions

  • Upgrade ABB RMC-100 to version 2105457-046 or later.
  • Upgrade ABB RMC-100 LITE to version 2106229-018 or later.
  • Inventory deployed RMC-100 and RMC-100 LITE versions to confirm whether any affected builds are present.
  • Disable the REST interface if it is not required for operations.
  • Restrict OT/control-network access to management interfaces using segmentation and access control.
  • Review who can access source code, build artifacts, and controller management paths that could aid abuse of this issue.
  • Monitor for unauthorized access to MQTT configuration data or unexpected REST authentication failures.
  • Use CISA ICS recommended practices and defense-in-depth guidance to reduce exposure around industrial control interfaces.
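
For the inventory step above, a version check against the ranges quoted in this debrief can be scripted. The following is an added example, not code from ABB or CISA; it assumes an inventory CSV with host and version columns, constructed hostnames, and that the three-digit suffix orders builds numerically.

```python
import csv
import io
import re

# Ranges as quoted in this debrief:
# part-number prefix -> (product, first affected, last affected, first fixed)
ADVISORY = {
    "2105457": ("RMC-100", 43, 45, 46),
    "2106229": ("RMC-100 LITE", 15, 16, 18),
}
VERSION_RE = re.compile(r"^(\d{7})-(\d{3})$")

def classify(version):
    """Return (product, status) for a firmware version string."""
    m = VERSION_RE.match(version.strip())
    if not m or m.group(1) not in ADVISORY:
        return ("unknown", "unrecognized")
    product, first_bad, last_bad, first_fixed = ADVISORY[m.group(1)]
    build = int(m.group(2))  # assumption: suffix orders builds numerically
    if first_bad <= build <= last_bad:
        return (product, "affected")
    if build >= first_fixed:
        return (product, "fixed")
    # Builds below the affected range, or between it and the fixed build
    # (e.g. LITE -017), are not named in the advisory text: verify manually.
    return (product, "not-listed")

def audit(inventory_csv):
    """Classify each row of a CSV that has 'host' and 'version' columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], *classify(r["version"])) for r in rows]

# Constructed sample inventory (hostnames and layout are illustrative).
SAMPLE = """host,version
rmc-site-a,2105457-044
rmc-site-b,2105457-046
lite-site-c,2106229-016
lite-site-d,2106229-017
lite-site-e,2106229-018
rtu-other,1234567-001
hmi-typo,2105457_044
"""

if __name__ == "__main__":
    for host, product, status in audit(SAMPLE):
        print(f"{host:12} {product:13} {status}")
```

Rows reported as not-listed or unrecognized need a manual check against the ABB PSIRT advisory rather than being treated as safe.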

Evidence notes

Primary facts come from the CISA CSAF advisory ICSA-25-196-02 and its linked ABB PSIRT advisory. The advisory explicitly states the affected product versions, the fix versions, the REST-interface-enabled precondition, and the authentication-bypass impact on MQTT configuration data. Timing context uses the advisory publication date of 2025-07-03 and modification date of 2026-05-14. No KEV listing was provided.

Official resources

Publicly disclosed in CISA advisory ICSA-25-196-02 and the ABB PSIRT advisory on 2025-07-03. CISA republished the advisory on 2026-05-14 after an ABB advisory update. No Known Exploited Vulnerabilities listing was provided.