Back to CVE List

CVE-2026-25601

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.4 / 10
Vector String
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

A vulnerability was identified in MEPIS RM, an industrial
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the application’s database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-798
Source
NVD
Vendor
Metronik d.o.o.
Product
MEPIS RM

External References

Discussion (0)

Add Comment

No comments yet. Be the first!