ICSA-25-196-02 · Published 2026-05-14 · View on CISA ICS-CERT ↗

ABB RMC-100 (Update A)

CVSS 7.5 HIGH

Risk Summary

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these vulnerabilities could gain unauthenticated access to the MQTT configu-ration data (CVE-2025-6074), cause a DoS on the MQTT configuration web server (REST interface) (CVE-2025-6073, CVE-2025-6072), or decrypt encrypted MQTT broker credentials (CVE-2025-6071).

CVEs (4)

CVE-2025-6074 CVE-2025-6073 CVE-2025-6072 CVE-2025-6071

Remediations

The problem is corrected in RMC-100 version (2105457-046) and RMC-100 LITE version (2106229-018)

Affected Vendors

ABB

Affected Products (4)

ABB · RMC-100 >=2105457-043|<=2105457-045

ABB · RMC-100 2105457-046

ABB · RMC-100 LITE >=2106229-015|<=2106229-016

ABB · RMC-100 LITE 2106229-018

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more