EUVD-2025-208633
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Analysis
Missing authentication vulnerability in ABB AWIN GW100 rev.2 and GW120 gateway devices that allows unauthenticated attackers on the local network to trigger a denial-of-service condition. Affected versions include AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1). While the CVSS score of 6.5 indicates medium severity, the local attack vector (AV:A) and lack of user interaction requirement suggest this is exploitable by any adjacent network attacker without authentication.
Technical Context
The vulnerability exists in ABB's AWIN (ABB Wireless Access Interface Network) gateway products—specifically the GW100 rev.2 and GW120 models used for industrial wireless communication and gateway functionality. The root cause is classified as CWE-306 (Missing Authentication for Critical Function), indicating that a critical operational function lacks proper authentication controls. This affects the gateway's network interface layer, allowing unauthenticated access to functions that should require authentication. The CPE strings cpe:2.3:a:abb:awin_gw100_rev.2 and cpe:2.3:a:abb:awin_gw120 identify the affected product families across multiple versions, suggesting the vulnerability is a design flaw rather than a configuration issue.
Affected Products
ABB AWIN GW100 rev.2 (['2.0-0', '2.0-1']); ABB AWIN GW120 (['1.2-0', '1.2-1'])
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today