16
CVEs
2
Critical
10
High
0
KEV
0
PoC
12
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
10
MEDIUM
4
LOW
0
Monthly CVE Trend
Affected Products (24)
Awin Gw120
3
Awin Gw100 Rev.2
3
Automation Builder
2
Matrix 216 Firmware
1
Nexus 3 2128 Firmware
1
Nexus 264 Firmware
1
Matrix 296 Firmware
1
Aspect Ent 256 Firmware
1
Heap Overflow
1
Matrix 264 Firmware
1
Stack Overflow
1
Nexus 264 A Firmware
1
Nexus 2128 F Firmware
1
Aspect Ent 2 Firmware
1
Matrix 11 Firmware
1
Nexus 3 264 Firmware
1
Aspect Ent 12 Firmware
1
Nexus 2128 G Firmware
1
Aspect Ent 96 Firmware
1
Nexus 2128 Firmware
1
Nexus 264 F Firmware
1
Nexus 264 G Firmware
1
Matrix 232 Firmware
1
Nexus 2128 A Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-8754 | Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.1% | 44 |
No patch
|
| CVE-2024-9876 | : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 |
No patch
|
| CVE-2025-3394 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 |
No patch
|
| CVE-2025-3395 | Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.4 | 0.0% | 42 |
No patch
|
| CVE-2025-13777 | CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2025-13779 | Missing authentication vulnerability in ABB AWIN industrial gateways (GW100 rev.2 and GW120) that allows attackers on adjacent networks to access critical functions without credentials. With a CVSS score of 8.3 and no EPSS data or KEV listing, this appears to be a newly disclosed vulnerability with no evidence of active exploitation or public POC availability. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2024-48842 | Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available. | HIGH | 7.3 | 0.0% | 37 |
No patch
|
| CVE-2025-12143 | Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.0% | 34 |
No patch
|
| CVE-2025-13778 | Missing authentication vulnerability in ABB AWIN GW100 rev.2 and GW120 gateway devices that allows unauthenticated attackers on the local network to trigger a denial-of-service condition. Affected versions include AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1). While the CVSS score of 6.5 indicates medium severity, the local attack vector (AV:A) and lack of user interaction requirement suggest this is exploitable by any adjacent network attacker without authentication. | MEDIUM | 6.5 | 0.0% | 33 |
No patch
|
| CVE-2024-9877 | : Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 5.3 | 0.1% | 27 |
No patch
|
| CVE-2024-51547 | Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 0.1% | – |
No patch
|
| CVE-2025-10205 | Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.0% | – |
No patch
|
| CVE-2024-48851 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.3% | – |
No patch
|
| CVE-2025-10207 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.1% | – |
No patch
|
| CVE-2025-10504 | Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.0% | – |
No patch
|