Summary
Successful exploitation of these vulnerabilities could allow an attacker to remotely reboot the device or complete an unauthenticated query to reveal system configuration, including sensitive details.
The following versions of ABB AWIN Gateways are affected:
- ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2 2.0-0
- ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2 2.0-1
- ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120 1.2-0
- ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120 1.2-1
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.3 | ABB | ABB AWIN Gateways | Authentication Bypass by Capture-replay, Missing Authentication for Critical Function |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2025-13777
An unauthenticated query reveals data. Authentication Bypass due to Improper Session Validation.
Affected Products
ABB AWIN Gateways
ABB
ABB ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2: 2.0-0, ABB ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2: 2.0-1, ABB ABB AWIN Firmware (1.2-0) installed on ABB AWIN GW120: 1.2-0, ABB ABB AWIN Firmware (1.2-1) installed on ABB AWIN GW120: 1.2-1
known_affected
Remediations
Mitigation
The following product versions have been fixed:
ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 (Product ID: 3BNP102988R1) are fixed versions for CVE-2025-13777
ABB AWIN Firmware2.0-0 installed on ABB AWIN GW120 (Product ID 3BNP103003R1) are fixed versions for CVE-2025-13777
Mitigation
For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY – PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY – CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json.
https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
For more information see the associated ABB PSIRT security advisory 4JNO000329 ABB CYBERSECURITY ADVISORY – PDF Version https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch, ABB CYBERSECURITY ADVISORY – CSAF Version https://psirt.abb.com/csaf/2026/4jno000329.json.
https://psirt.abb.com/csaf/2026/4jno000329.json
Relevant CWE: CWE-294 Authentication Bypass by Capture-replay
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H |
CVE-2025-13778
An unauthenticated query allows an attacker to remotely reboot the device, potentially causing a denial of service.
Read the original article: