CVE-2026-25601

EPSS 0.01%
Veröffentlicht 01.04.2026 11:28:57
Zuletzt bearbeitet 07.04.2026 20:47:29
Quelle a6d3dc9e-0591-4a13-bce7-0f5b31
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was identified in MEPIS RM, an industrial
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the application’s database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Metronik ≫ Mepis Rm Version < 8.2.017

Metronik ≫ Mepis Rm Version < 8.2.0007

Metronik ≫ Mepis Rm Version8.2.0007 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158	6.4	0.5	5.9	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cert.si/en/cve-2026-25601/

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2026-25601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25601

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25601