CVE-2025-13777

EUVD-2025-208631 | HIGH 8.3 (CVSS 3.1) | 2026-03-13 | ABB

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 13, 2026 - 16:57 (euvd), EUVD-2025-208631
Analysis Generated: Mar 13, 2026 - 16:57 (vuln.today)
CVE Published: Mar 13, 2026 - 13:05 (nvd), HIGH 8.3

Description

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Analysis

CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120). An attacker on an adjacent network can capture authentication credentials and replay them to gain unauthorized access, with no privileges or user interaction required. The CVSS 3.1 score is 8.3: the vector rates the impact on confidentiality and availability as high and on integrity as low. The CVE is not listed in KEV and there is no evidence of active exploitation.

Technical Context

The vulnerability affects ABB AWIN industrial gateway devices - specifically AWIN GW100 rev.2 (versions 2.0-0, 2.0-1) and AWIN GW120 (versions 1.2-0, 1.2-1) as identified by CPE strings cpe:2.3:a:abb:awin_gw100_rev.2:*:*:*:*:*:*:*:* and cpe:2.3:a:abb:awin_gw120:*:*:*:*:*:*:*:*. The root cause is CWE-294 (Authentication Bypass by Capture-Replay), where the authentication mechanism fails to protect against replay attacks, allowing captured authentication tokens or credentials to be reused by attackers to gain unauthorized access.

Affected Products

ABB AWIN GW100 rev.2: versions 2.0-0 and 2.0-1; ABB AWIN GW120: versions 1.2-0 and 1.2-1. These are industrial gateway devices used in automation and control systems. The vulnerability was reported directly by ABB and is tracked as ENISA EUVD-2025-208631.

Remediation

ABB has published an official security advisory available at https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch. Users should review this advisory for specific patch information and update procedures. As a temporary mitigation, organizations should ensure these gateways are isolated from untrusted adjacent networks and implement network segmentation to limit potential attacker access to the same network segment as these devices.

Priority Score

42 (KEV: 0, EPSS: +0.0, CVSS: +42, POC: 0)
