---
title: "Critical Flaws in ABB AWIN Gateways Expose Industrial Systems to Attacks"
short_title: "ABB AWIN Gateways critical security flaws"
description: "ABB AWIN Gateways affected by high-severity vulnerabilities (CVE-2025-13777, CVE-2025-13778, CVE-2025-13779) enabling remote attacks. Patch now to secure critical infrastructure."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, industrial-security, cve-2025-13777, cve-2025-13778, cve-2025-13779]
score: 0.85
cve_ids: [CVE-2025-13777, CVE-2025-13778, CVE-2025-13779]
---
## TL;DR
ABB AWIN Gateways, widely used in critical manufacturing sectors, are vulnerable to three high-severity flaws (CVE-2025-13777, CVE-2025-13778, CVE-2025-13779). Exploitation could allow attackers to reboot devices, access sensitive system configurations, or bypass authentication. ABB has released patches—users must update immediately to mitigate risks.
Main Content
### Introduction
Industrial control systems (ICS) are the backbone of critical infrastructure, and their security is paramount. Recently, ABB, a global leader in industrial technology, disclosed three critical vulnerabilities in its AWIN Gateways. These flaws, if exploited, could enable attackers to remotely reboot devices, extract sensitive system configurations, or bypass authentication mechanisms. Given the widespread deployment of these gateways in critical manufacturing sectors worldwide, the implications of these vulnerabilities are severe.
### Key Points
- Three high-severity vulnerabilities (CVE-2025-13777, CVE-2025-13778, CVE-2025-13779) affect ABB AWIN Gateways, enabling remote attacks.
- Exploitation risks include denial-of-service (DoS) attacks, unauthorized data access, and authentication bypass.
- Affected versions include AWIN Firmware 2.0-0, 2.0-1, 1.2-0, and 1.2-1 installed on GW100 and GW120 devices.
- Patches are available—users must upgrade to AWIN Firmware 2.1-0 or follow ABB’s mitigation guidelines.
- No known public exploitation has been reported yet, but proactive measures are critical.
Technical Details
#### Vulnerabilities Overview
The vulnerabilities identified in ABB AWIN Gateways are categorized as follows:
1. CVE-2025-13777 (CVSS 8.3 - High)
- Type: Authentication Bypass by Capture-Replay
- Description: An unauthenticated attacker can exploit improper session validation to bypass authentication and access sensitive system data.
- Impact: Unauthorized disclosure of system configurations, including credentials and network details.
- CWE: CWE-294: Authentication Bypass by Capture-replay
2. CVE-2025-13778 (CVSS 6.5 - Medium)
- Type: Missing Authentication for Critical Function
- Description: Attackers can send unauthenticated queries to remotely reboot the device, causing a denial-of-service (DoS).
- Impact: Disruption of industrial operations, potential downtime, and loss of productivity.
- CWE: CWE-306: Missing Authentication for Critical Function
3. CVE-2025-13779 (CVSS 8.3 - High)
- Type: Missing Authentication for Critical Function
- Description: Unauthenticated queries can reveal system configurations, including sensitive details like passwords and network settings.
- Impact: Exposure of critical infrastructure data, increasing the risk of further attacks.
- CWE: CWE-306: Missing Authentication for Critical Function
#### Affected Systems
The following ABB AWIN Gateway versions are affected by these vulnerabilities:
| Device | Firmware Version |
|--------------------------|----------------------|
| ABB AWIN GW100 rev.2 | 2.0-0, 2.0-1 |
| ABB AWIN GW120 | 1.2-0, 1.2-1 |
### Impact Assessment
The vulnerabilities in ABB AWIN Gateways pose significant risks to industrial environments, particularly in critical manufacturing sectors. Successful exploitation could lead to:
- Operational Disruption: Remote rebooting of devices (CVE-2025-13778) could cause unplanned downtime, affecting production lines and industrial processes.
- Data Breaches: Unauthorized access to system configurations (CVE-2025-13777, CVE-2025-13779) could expose sensitive information, including credentials and network topologies.
- Further Exploitation: Stolen data could be leveraged for lateral movement within industrial networks, increasing the risk of targeted attacks.
- Compliance Violations: Failure to patch these vulnerabilities could result in non-compliance with industrial cybersecurity regulations, such as NIST SP 800-82 or IEC 62443.
### Mitigation Steps
ABB has released patches and mitigation guidelines to address these vulnerabilities. Users are strongly advised to take the following steps:
#### 1. Apply Patches Immediately
- Upgrade to AWIN Firmware 2.1-0 for GW100 rev.2 (Product ID: 3BNP102988R1).
- Upgrade to AWIN Firmware 2.0-0 for GW120 (Product ID: 3BNP103003R1).
#### 2. Follow ABB’s Security Advisory
- Refer to ABB’s official security advisory for detailed instructions:
- ABB PSIRT Security Advisory (PDF)
- ABB PSIRT Security Advisory (CSAF)
#### 3. Implement Network Security Best Practices
- Isolate Industrial Control Systems (ICS): Ensure AWIN Gateways are not accessible from the internet or business networks.
- Use Firewalls: Deploy firewalls to segment ICS networks and restrict unauthorized access.
- Enable VPNs for Remote Access: If remote access is required, use secure VPNs and ensure they are updated to the latest version.
- Monitor Network Traffic: Implement intrusion detection systems (IDS) to detect and respond to suspicious activity.
#### 4. Conduct Risk Assessments
- Perform a thorough impact analysis before deploying defensive measures.
- Review CISA’s recommended practices for ICS security: CISA ICS Best Practices.
### Attack Vector
The vulnerabilities can be exploited by attackers with network access to the affected AWIN Gateways. No authentication is required, making these flaws particularly dangerous in poorly segmented industrial networks. Attackers could:
- Send crafted unauthenticated queries to reboot devices or extract data.
- Capture and replay authentication tokens to bypass security controls.
## Conclusion
The discovery of CVE-2025-13777, CVE-2025-13778, and CVE-2025-13779 in ABB AWIN Gateways underscores the critical importance of securing industrial control systems. While no active exploitation has been reported, the potential impact on critical manufacturing sectors is severe. Organizations using affected devices must apply patches immediately, isolate ICS networks, and follow cybersecurity best practices to mitigate risks.
Proactive measures, such as regular vulnerability assessments and network monitoring, are essential to safeguarding industrial infrastructure from evolving cyber threats. Stay vigilant, stay updated, and prioritize security to protect critical operations.
## References
[^1]: ABB. "ABB Cybersecurity Advisory 4JNO000329". Retrieved 2024-10-02.
[^2]: CISA. "ICS Advisory (ICSA-26-120-05)". Retrieved 2024-10-02.
[^3]: MITRE. "CWE-294: Authentication Bypass by Capture-replay". Retrieved 2024-10-02.
[^4]: MITRE. "CWE-306: Missing Authentication for Critical Function". Retrieved 2024-10-02.