CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Description
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Analysis
A missing authentication vulnerability in ABB AWIN industrial gateways (GW100 rev.2 and GW120) allows attackers on adjacent networks to access critical functions without credentials. With a CVSS score of 8.3 and no EPSS data or KEV listing, this appears to be a newly disclosed vulnerability with no evidence of active exploitation or public POC availability.
Technical Context
The vulnerability affects ABB AWIN series industrial gateways, specifically GW100 rev.2 (versions 2.0-0, 2.0-1) and GW120 (versions 1.2-0, 1.2-1), as identified by the CPE entries cpe:2.3:a:abb:awin_gw100_rev.2:*:*:*:*:*:*:*:* and cpe:2.3:a:abb:awin_gw120:*:*:*:*:*:*:*:*. These are industrial communication gateways likely used in OT/ICS environments. The root cause, CWE-306, indicates that the gateway exposes critical functionality without requiring authentication, allowing unauthorized users to perform privileged operations.
Affected Products
ABB AWIN GW100 rev.2 firmware versions 2.0-0 and 2.0-1; ABB AWIN GW120 firmware versions 1.2-0 and 1.2-1. The ENISA EUVD confirms these specific version strings. These industrial gateways are likely deployed in manufacturing, energy, or other industrial control system environments.
Remediation
ABB has published a security advisory available at https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch which should contain patch information and mitigation guidance. As an immediate workaround, organizations should ensure these gateways are not accessible from untrusted adjacent networks through proper network segmentation and access controls.
EUVD-2025-208635