CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the application’s database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.
software product developed by Metronik. The application contained a hardcoded
cryptographic key within the Mx.Web.ComponentModel.dll component. When the
option to store domain passwords was enabled, this key was used to encrypt user
passwords before storing them in the application’s database. An attacker with
sufficient privileges to access the database could extract the encrypted
passwords, decrypt them using the embedded key, and gain unauthorized access to
the associated ICS/OT environment.
Vendor
-
Product
-
CWE
Yayın Tarihi
2026-04-01 12:16:02
Güncelleme
2026-04-01 14:23:37
Source Identifier
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
KEV Date Added
-