# Critical Authentication Bypass Flaws in ABB AWIN Gateways Allow Unauthenticated Access and Device Shutdown
ABB has disclosed two critical vulnerabilities in its AWIN Gateway product line that enable attackers to bypass authentication, query sensitive system configuration data, and remotely trigger denial-of-service attacks without credentials. The flaws affect industrial automation gateways deployed worldwide and carry an 8.3 CVSS score, placing them in the high-severity category.
## The Threat
ABB AWIN Gateways serve as communication bridges in critical infrastructure environments, connecting industrial control systems and manufacturing facilities. The newly disclosed vulnerabilities—CVE-2025-13777 and CVE-2025-13778—break fundamental authentication mechanisms that protect these devices from unauthorized access.
CVE-2025-13777 stems from improper session validation logic, allowing attackers to conduct authentication bypass attacks using captured-replay techniques. This flaw permits unauthenticated queries to retrieve system configuration data, potentially exposing sensitive operational details such as device parameters, network topology, and system settings. An attacker with network access to an affected gateway can obtain this information without providing valid credentials, significantly lowering the barrier to reconnaissance and further exploitation.
CVE-2025-13778 compounds the threat by allowing unauthenticated remote reboot commands. An attacker can send a specially crafted query to force the gateway to restart, causing immediate service disruption. In manufacturing and critical infrastructure environments, unexpected device reboots can cascade into production downtime, safety system failures, or loss of operational visibility. Combined with the information disclosure flaw, these vulnerabilities create a complete attack chain: gather system details, then knock the device offline.
Both vulnerabilities require only network access to the affected gateway—no special tools, valid credentials, or user interaction are needed. This makes them trivial to exploit at scale, particularly in environments where gateways are exposed to untrusted networks or accessed through insufficiently segmented network architectures.
## Severity and Impact
| Metric | Details |
|---|---|
| CVE-2025-13777 | Authentication bypass; unauthenticated data disclosure |
| CVE-2025-13778 | Unauthenticated remote reboot; denial of service |
| CVSS v3.1 Base Score | 8.3 (HIGH) |
| Vector String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H |
| Attack Vector | Adjacent Network (AV:A) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality Impact | High (C:H) |
| Integrity Impact | Low (I:L) |
| Availability Impact | High (A:H) |
| CWE Identifier | CWE-294 (Authentication Bypass by Capture-Replay) |
| Affected Sectors | Critical Manufacturing (worldwide deployment) |
The 8.3 severity reflects the combination of high-impact outcomes (data disclosure and denial of service) with minimal prerequisites for exploitation. Attack complexity is low, meaning the vulnerabilities can be reliably exploited without specialized knowledge. The "Adjacent Network" vector indicates attackers must be on the same network segment, but in many industrial environments, segmentation is incomplete, making this a practical risk.
## Affected Products
The following ABB AWIN Gateway firmware versions are confirmed vulnerable:
ABB AWIN GW100 Rev.2:
ABB AWIN GW120:
All listed versions are known to be affected by both CVE-2025-13777 and CVE-2025-13778. Organizations should inventory their installed AWIN Gateway models and firmware versions to determine exposure. ABB assigns product IDs to each device line for tracking purposes: GW100 rev.2 uses product ID 3BNP102988R1, and GW120 uses product ID 3BNP103003R1.
## Mitigations
Immediate Actions:
1. Apply Firmware Updates Immediately
ABB has released patched firmware versions that address both vulnerabilities:
- ABB AWIN Firmware 2.1-0 for GW100 rev.2 (Product ID 3BNP102988R1)
- ABB AWIN Firmware 2.0-0 for GW120 (Product ID 3BNP103003R1)
Prioritize updating production environments where AWIN Gateways are exposed to any level of network access. These fixed versions eliminate the authentication bypass and remote reboot capabilities.
2. Network Segmentation
Immediately segment AWIN Gateways from untrusted networks. Restrict access to these devices to authorized management interfaces and control systems only. Use firewall rules to limit inbound connections to the gateway to trusted IP ranges. This reduces the practical attack surface while updates are being staged.
3. Restrict Network Access
Review access control lists and firewall rules for any AWIN Gateway ports. Disable unnecessary services and close unused ports. Implement the principle of least privilege: only authorized systems should communicate with the gateway.
4. Monitoring and Detection
Enable logging on affected gateways if available. Monitor for unusual query patterns or unexpected reboot events. Network intrusion detection systems (IDS) should be configured to alert on suspicious traffic patterns targeting gateway ports.
5. Staged Rollout for Updates
In critical manufacturing environments, test firmware updates in a non-production environment first to ensure compatibility with connected systems. Plan maintenance windows to minimize disruption when applying updates to production gateways.
Long-Term Recommendations:
## References
Organizations managing ABB AWIN Gateways should treat these vulnerabilities as high-priority patch targets. The combination of unauthenticated access, credential bypass, and remote denial-of-service capabilities makes them attractive targets for attackers seeking to disrupt manufacturing and critical infrastructure operations. Firmware updates should be applied as soon as testing confirms compatibility with your operational environment.