Skip to main content

Abb EUVDEUVD-2025-208631

| CVE-2025-13777 HIGH
Authentication Bypass by Capture-replay (CWE-294)
2026-03-13 ABB
7.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Re-analysis Queued
May 19, 2026 - 15:07 vuln.today
cvss_changed
CVSS changed
May 19, 2026 - 15:07 NVD
8.3 (HIGH) 7.2 (HIGH)
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2025-208631
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 13:05 nvd
HIGH 8.3

DescriptionCVE.org

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

AnalysisAI

CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.

Technical ContextAI

The vulnerability affects ABB AWIN industrial gateway devices - specifically AWIN GW100 rev.2 (versions 2.0-0, 2.0-1) and AWIN GW120 (versions 1.2-0, 1.2-1) as identified by CPE strings cpe:2.3:a:abb:awin_gw100_rev.2:*:*:*:*:*:*:*:* and cpe:2.3:a:abb:awin_gw120:*:*:*:*:*:*:*:*. The root cause is CWE-294 (Authentication Bypass by Capture-Replay), where the authentication mechanism fails to protect against replay attacks, allowing captured authentication tokens or credentials to be reused by attackers to gain unauthorized access.

RemediationAI

ABB has published an official security advisory available at https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch. Users should review this advisory for specific patch information and update procedures. As a temporary mitigation, organizations should ensure these gateways are isolated from untrusted adjacent networks and implement network segmentation to limit potential attacker access to the same network segment as these devices.

More in Abb

View all
CVE-2012-0245 CRITICAL
10.0 Mar 09

Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used

CVE-2024-6298 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2024-6209 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2017-17888 HIGH POC
8.8 Dec 27

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500,

CVE-2019-7225 HIGH POC
8.8 Jun 27

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI i

CVE-2019-7226 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a

CVE-2019-7228 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high

CVE-2019-7232 HIGH POC
8.8 Jun 24

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high

CVE-2019-7230 HIGH POC
8.8 Jun 24

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (

CVE-2024-4007 HIGH POC
8.7 Jul 01

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t

CVE-2019-7229 HIGH POC
8.3 Jun 24

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilizat

CVE-2019-18997 HIGH POC
7.5 Dec 18

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work f

Share

EUVD-2025-208631 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy