← volver
CVE-2026-25601

Credential Exposure vulnerability in MEPIS RM

CVSS 6.4 MEDIUMEPSS 0.2%CWE-798
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 abr 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user passwords before storing them in the application’s database. An attacker with sufficient privileges to access the database could extract the encrypted passwords, decrypt them using the embedded key, and gain unauthorized access to the associated ICS/OT environment.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Metronik d.o.o. · MEPIS RM

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →