| Metric | Value |
|---|---|
| CVEs | 16 |
| Critical | 2 |
| High | 11 |
| KEV | 0 |
| PoC | 0 |
| Unpatched C/H | 13 |
| Patch Rate | 0.0% |
| Avg EPSS | 0.1% |

Severity Breakdown
| Severity | CVEs |
|---|---|
| CRITICAL | 2 |
| HIGH | 11 |
| MEDIUM | 3 |
| LOW | 0 |

Affected Products (20)
| Product | CVEs |
|---|---|
| Automation Builder | 2 |
| Aspect Ent 2 Firmware | 1 |
| Aspect Ent 256 Firmware | 1 |
| Aspect Ent 96 Firmware | 1 |
| Matrix 11 Firmware | 1 |
| Matrix 216 Firmware | 1 |
| Matrix 232 Firmware | 1 |
| Matrix 264 Firmware | 1 |
| Matrix 296 Firmware | 1 |
| Nexus 2128 A Firmware | 1 |
| Nexus 2128 F Firmware | 1 |
| Nexus 2128 Firmware | 1 |
| Nexus 2128 G Firmware | 1 |
| Nexus 264 A Firmware | 1 |
| Nexus 264 F Firmware | 1 |
| Nexus 264 Firmware | 1 |
| Nexus 264 G Firmware | 1 |
| Nexus 3 2128 Firmware | 1 |
| Aspect Ent 12 Firmware | 1 |
| Nexus 3 264 Firmware | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-13777 | CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability. | HIGH | 7.2 | 0.0% | 46 | No patch |
| CVE-2025-13779 | Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact. | HIGH | 7.2 | 0.0% | 46 | No patch |
| CVE-2025-13778 | Availability compromise of ABB AWIN GW100 rev.2 and AWIN GW120 industrial gateways stems from a missing authentication check on a critical function (CWE-306), enabling unauthenticated adjacent-network attackers to disrupt device operation. CVSS 4.0 scores the issue 7.1 with high availability impact but no confidentiality or integrity loss, and EPSS rates exploitation probability at just 0.03% (6th percentile) with no public exploit identified at time of analysis. | HIGH | 7.1 | 0.0% | 46 | No patch |
| CVE-2025-8754 | Missing Authentication for Critical Function vulnerability in ABB Ability™ zenon.50 through 14. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.1% | 44 | No patch |
| CVE-2024-9876 | Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3394 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3395 | Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.4 | 0.0% | 42 | No patch |
| CVE-2024-48842 | Use of Hard-coded Credentials vulnerability in ABB FLXEON.3.5 and newer versions. Rated high severity (CVSS 7.3). No vendor patch available. | HIGH | 7.3 | 0.0% | 37 | No patch |
| CVE-2025-12143 | Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability has low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.0% | 34 | No patch |
| CVE-2024-9877 | Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | MEDIUM | 5.3 | 0.1% | 27 | No patch |
| CVE-2024-51547 | Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 0.1% | – | No patch |
| CVE-2025-10205 | Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 8.7), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.0% | – | No patch |
| CVE-2024-48851 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. A remote code execution is possible due to an improper input validation.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.3% | – | No patch |
| CVE-2025-10207 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.1% | – | No patch |
| CVE-2025-10504 | Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability has low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.0% | – | No patch |