Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
AnalysisAI
Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact.
Technical ContextAI
The AWIN GW100 and GW120 are ABB industrial communication gateways used in building/industrial automation deployments to bridge field-bus protocols to IP networks. The root cause is CWE-306 (Missing Authentication for Critical Function), meaning at least one privileged interface or service on the gateway accepts requests without verifying the caller's identity. Per the CPE strings (cpe:2.3:a:abb:awin_gw100_rev.2 and cpe:2.3:a:abb:awin_gw120), the issue is scoped to these two gateway models across the listed firmware revisions and is exposed over an adjacent network (AV:A in CVSS 4.0), which is consistent with management interfaces reachable on the local OT/IT segment rather than the public internet.
RemediationAI
No vendor-released patched firmware version is independently confirmed from the available data, so administrators must consult the ABB advisory at https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en for the official fixed build and upgrade guidance for AWIN GW100 rev.2 and GW120. Until a confirmed patched firmware is applied, place the gateways on a dedicated, segmented management VLAN, restrict adjacent-network reachability to a small set of engineering workstations via firewall ACLs (blocking arbitrary OT-LAN hosts from reaching the gateway's management/critical-function ports), and enable monitoring/logging on any north-bound jump host - recognizing the trade-off that tighter segmentation may break legitimate integrations with SCADA/BMS systems that currently address the gateway directly. Avoid exposing these gateways to routed corporate networks or the Internet under any circumstance.
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500,
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI i
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilizat
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work f
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208635