Abb
Monthly
Missing authentication vulnerability in ABB AWIN industrial gateways (GW100 rev.2 and GW120) that allows attackers on adjacent networks to access critical functions without credentials. With a CVSS score of 8.3 and no EPSS data or KEV listing, this appears to be a newly disclosed vulnerability with no evidence of active exploitation or public POC availability.
Missing authentication vulnerability in ABB AWIN GW100 rev.2 and GW120 gateway devices that allows unauthenticated attackers on the local network to trigger a denial-of-service condition. Affected versions include AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1). While the CVSS score of 6.5 indicates medium severity, the local attack vector (AV:A) and lack of user interaction requirement suggest this is exploitable by any adjacent network attacker without authentication.
CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing authentication vulnerability in ABB AWIN industrial gateways (GW100 rev.2 and GW120) that allows attackers on adjacent networks to access critical functions without credentials. With a CVSS score of 8.3 and no EPSS data or KEV listing, this appears to be a newly disclosed vulnerability with no evidence of active exploitation or public POC availability.
Missing authentication vulnerability in ABB AWIN GW100 rev.2 and GW120 gateway devices that allows unauthenticated attackers on the local network to trigger a denial-of-service condition. Affected versions include AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1). While the CVSS score of 6.5 indicates medium severity, the local attack vector (AV:A) and lack of user interaction requirement suggest this is exploitable by any adjacent network attacker without authentication.
CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability.
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available.
Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.