{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25601", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "state": "PUBLISHED", "assignerShortName": "ENISA", "dateReserved": "2026-02-03T07:24:49.548Z", "datePublished": "2026-04-01T11:28:57.110Z", "dateUpdated": "2026-04-01T12:35:48.644Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-04-01T11:28:57.110Z"}, "title": "Credential Exposure vulnerability in MEPIS RM", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "type": "CWE"}]}], "affected": [{"vendor": "Metronik d.o.o.", "product": "MEPIS RM", "versions": [{"status": "affected", "version": "0", "lessThan": "8.2.0107", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "8.2.0007 build 15", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment.</p>"}]}], "references": [{"url": "https://www.cert.si/en/cve-2026-25601/", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T12:34:39.978813Z", "id": "CVE-2026-25601", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:35:48.644Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T12:34:39.978813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:35:42.276Z"}}], "cna": {"title": "Credential Exposure vulnerability in MEPIS RM", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Metronik d.o.o.", "product": "MEPIS RM", "versions": [{"status": "affected", "version": "0", "lessThan": "8.2.0107", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "8.2.0007 build 15", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cert.si/en/cve-2026-25601/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-04-01T11:28:57.110Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25601", "state": "PUBLISHED", "dateUpdated": "2026-04-01T12:35:48.644Z", "dateReserved": "2026-02-03T07:24:49.548Z", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "datePublished": "2026-04-01T11:28:57.110Z", "assignerShortName": "ENISA"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metronik:mepis_rm:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1D97A10-22CB-4C9C-8581-433F771F6958", "versionEndExcluding": "8.2.017", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metronik:mepis_rm:*:*:*:*:*:*:*:*", "matchCriteriaId": "641D46CD-B882-4EE3-B5FD-52ED712EF323", "versionEndExcluding": "8.2.0007", "vulnerable": true}, {"criteria": "cpe:2.3:a:metronik:mepis_rm:8.2.0007:-:*:*:*:*:*:*", "matchCriteriaId": "98B6B64E-528D-47F0-B6F8-8FF5859144C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in MEPIS RM, an industrial\nsoftware product developed by Metronik. The application contained a hardcoded\ncryptographic key within the Mx.Web.ComponentModel.dll component. When the\noption to store domain passwords was enabled, this key was used to encrypt user\npasswords before storing them in the application\u2019s database. An attacker with\nsufficient privileges to access the database could extract the encrypted\npasswords, decrypt them using the embedded key, and gain unauthorized access to\nthe associated ICS/OT environment."}], "id": "CVE-2026-25601", "lastModified": "2026-04-07T20:47:29.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T12:16:02.587", "references": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "tags": ["Broken Link"], "url": "https://www.cert.si/en/cve-2026-25601/"}], "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.2.0107)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.2.0007 build 15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "MEPIS RM", "source": "cna", "vendor": "Metronik d.o.o."}, "product": "mepis_rm", "vendor": "metronik"}], "analysis": {"en": {"generated_at": "2026-04-07T22:13:29.541674+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s patch that removes the hardcoded key or otherwise secures password storage.", "If a patch is not yet available, disable the domain password storage feature in the application settings to prevent encrypted credentials from being stored.", "Limit database access to the minimum set of privileged users and enforce least\u2011privilege policies.", "Deploy monitoring to detect unusual reads of the password storage tables or attempts to access the component containing the hardcoded key."], "summary": {"action": "Patch Now", "impact": "Unauthorized Credential Access"}, "threat_synthesis": {"affected_systems": "Metronik\u2019s MEPIS RM software, particularly version 8.2.0007 and any builds that retain the same hardcoded key, are affected. The flaw applies whenever the feature to store domain passwords is enabled, regardless of the specific operator or deployment environment.", "description_and_impact": "A hardcoded cryptographic key in the component used by MEPIS RM encrypts domain passwords when the store\u2011password option is turned on. If an attacker can read the application database, the embedded key allows decryption of those credentials, exposing the usernames and passwords that give access to the connected industrial control environment. The vulnerability is a classic credential\u2011exposure flaw classified under CWE\u2011798.", "risk_and_exploitability": "The weakness carries a CVSS score of 6.4, indicating a moderate severity that is likely exploitable only if an attacker obtains database access or local administrative rights. The probability of exploitation is currently below 1\u202f%. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog, but it provides a clear pathway for privilege escalation: read encrypted credentials, use the embedded key, and unmask passwords, thus enabling unauthorized control of the affected OT systems."}}}}, "created": "2026-04-02T07:49:19.531935+00:00", "updated": "2026-04-08T19:59:53.430636+00:00", "vendors": ["metronik", "metronik$PRODUCT$mepis_rm"]}