3
CVEs
0
Critical
2
High
0
KEV
0
PoC
2
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
2
MEDIUM
1
LOW
0
Monthly CVE Trend
Affected Products (24)
Awin Gw120
3
Awin Gw100 Rev.2
3
Automation Builder
2
Matrix 216 Firmware
1
Nexus 3 2128 Firmware
1
Nexus 264 Firmware
1
Matrix 296 Firmware
1
Aspect Ent 256 Firmware
1
Heap Overflow
1
Matrix 264 Firmware
1
Stack Overflow
1
Nexus 264 A Firmware
1
Nexus 2128 F Firmware
1
Aspect Ent 2 Firmware
1
Matrix 11 Firmware
1
Nexus 3 264 Firmware
1
Aspect Ent 12 Firmware
1
Nexus 2128 G Firmware
1
Aspect Ent 96 Firmware
1
Nexus 2128 Firmware
1
Nexus 264 F Firmware
1
Nexus 264 G Firmware
1
Matrix 232 Firmware
1
Nexus 2128 A Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-13777 | CVE-2025-13777 is an authentication bypass vulnerability in ABB AWIN Gateway devices (GW100 rev.2 and GW120) that allows attackers on adjacent networks to capture and replay authentication credentials without requiring privileges or user interaction. With a CVSS score of 8.3 and no evidence of active exploitation (not in KEV), this vulnerability enables attackers to gain unauthorized access and potentially compromise system confidentiality, integrity, and availability. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2025-13779 | Missing authentication vulnerability in ABB AWIN industrial gateways (GW100 rev.2 and GW120) that allows attackers on adjacent networks to access critical functions without credentials. With a CVSS score of 8.3 and no EPSS data or KEV listing, this appears to be a newly disclosed vulnerability with no evidence of active exploitation or public POC availability. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2025-13778 | Missing authentication vulnerability in ABB AWIN GW100 rev.2 and GW120 gateway devices that allows unauthenticated attackers on the local network to trigger a denial-of-service condition. Affected versions include AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1). While the CVSS score of 6.5 indicates medium severity, the local attack vector (AV:A) and lack of user interaction requirement suggest this is exploitable by any adjacent network attacker without authentication. | MEDIUM | 6.5 | 0.0% | 33 |
No patch
|