CVE-2025-6072
CWE-121栈溢出漏洞可通过启用REST接口并利用CVE-2025-6074溢出过期日期字段被利用。ABB建议禁用未使用的REST接口,默认禁用以降低风险。RMC-100不适用于公网访问,需私网控制网络访问,并建议网络分段以增强安全。 2025-7-15 09:43:0 Author: claroty.com(查看原文) 阅读量:1 收藏
CWE-121栈溢出漏洞可通过启用REST接口并利用CVE-2025-6074溢出过期日期字段被利用。ABB建议禁用未使用的REST接口,默认禁用以降低风险。RMC-100不适用于公网访问,需私网控制网络访问,并建议网络分段以增强安全。 2025-7-15 09:43:0 Author: claroty.com(查看原文) 阅读量:1 收藏
High Threat
CWE-121 STACK-BASED BUFFER OVERFLOW:
When the REST interface is enabled by the user, if an attacker gains access to the control network and exploits CVE-2025-6074, the attacker can use the JSON configuration to overflow the expiration date field.
ABB recommends disabling the REST interface when it is not being used to configure the MQTT functionality. By default, when the REST interface is disabled so there is no risk. The RMC-100 is not intended for access over public networks such as the Internet. An attacker would need access to the user's private control network to exploit these vulnerabilities. Proper network segmentation is recommended.
文章来源: https://claroty.com/team82/disclosure-dashboard/cve-2025-6072
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh