Skip to main content

Abb

Vendor security scorecard – 3 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 12
3
CVEs
0
Critical
3
High
0
KEV
0
PoC
3
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
3
MEDIUM
0
LOW
0

Monthly CVE Trend

Affected Products (20)

Automation Builder 2 Aspect Ent 2 Firmware 1 Aspect Ent 256 Firmware 1 Aspect Ent 96 Firmware 1 Matrix 11 Firmware 1 Matrix 216 Firmware 1 Matrix 232 Firmware 1 Matrix 264 Firmware 1 Matrix 296 Firmware 1 Nexus 2128 A Firmware 1 Nexus 2128 F Firmware 1 Nexus 2128 Firmware 1 Nexus 2128 G Firmware 1 Nexus 264 A Firmware 1 Nexus 264 F Firmware 1 Nexus 264 Firmware 1 Nexus 264 G Firmware 1 Nexus 3 2128 Firmware 1 Aspect Ent 12 Firmware 1 Nexus 3 264 Firmware 1

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-13777 CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability. HIGH 7.2 0.0% 46
No patch
CVE-2025-13779 Authentication bypass in ABB AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1) industrial gateways allows adjacent-network attackers to invoke critical functions without credentials, resulting in high confidentiality and availability impact. The flaw was reported by ABB itself and carries a CVSS 4.0 score of 7.2; no public exploit identified at time of analysis and EPSS sits at 0.03% (7th percentile), indicating low predicted exploitation likelihood despite the serious technical impact. HIGH 7.2 0.0% 46
No patch
CVE-2025-13778 Availability compromise of ABB AWIN GW100 rev.2 and AWIN GW120 industrial gateways stems from a missing authentication check on a critical function (CWE-306), enabling unauthenticated adjacent-network attackers to disrupt device operation. CVSS 4.0 scores the issue 7.1 with high availability impact but no confidentiality or integrity loss, and EPSS rates exploitation probability at just 0.03% (6th percentile) with no public exploit identified at time of analysis. HIGH 7.1 0.0% 46
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy