{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13778", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2025-11-28T14:22:33.054Z", "datePublished": "2026-03-13T13:08:40.380Z", "dateUpdated": "2026-03-13T13:35:18.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2026-03-13T13:12:03.419Z"}, "title": "Device Reboot Control", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "affected": [{"vendor": "ABB", "product": "AWIN GW100 rev.2", "versions": [{"status": "affected", "version": "2.0-0", "versionType": "custom"}, {"status": "affected", "version": "2.0-1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ABB", "product": "AWIN GW120", "versions": [{"status": "affected", "version": "1.2-0", "versionType": "custom"}, {"status": "affected", "version": "1.2-1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.<p>This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.</p>"}]}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T13:35:12.366891Z", "id": "CVE-2025-13778", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T13:35:18.364Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13778", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T13:35:12.366891Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T13:35:14.451Z"}}], "cna": {"title": "Device Reboot Control", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "AWIN GW100 rev.2", "versions": [{"status": "affected", "version": "2.0-0", "versionType": "custom"}, {"status": "affected", "version": "2.0-1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ABB", "product": "AWIN GW120", "versions": [{"status": "affected", "version": "1.2-0", "versionType": "custom"}, {"status": "affected", "version": "1.2-1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.", "supportingMedia": [{"type": "text/html", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.<p>This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2026-03-13T13:12:03.419Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13778", "state": "PUBLISHED", "dateUpdated": "2026-03-13T13:35:18.364Z", "dateReserved": "2025-11-28T14:22:33.054Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2026-03-13T13:08:40.380Z", "assignerShortName": "ABB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}, {"lang": "es", "value": "Vulnerabilidad de ausencia de autenticaci\u00f3n para funci\u00f3n cr\u00edtica en ABB AWIN GW100 rev.2, ABB AWIN GW120. Este problema afecta a AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}], "id": "CVE-2025-13778", "lastModified": "2026-03-16T14:54:11.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2026-03-13T19:53:49.283", "references": [{"source": "cybersecurity@ch.abb.com", "url": "https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0-0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0-1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AWIN GW100 rev.2", "source": "cna", "vendor": "ABB"}, "product": "awin_gw100_rev.2", "vendor": "abb"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2-0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2-1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AWIN GW120", "source": "cna", "vendor": "ABB"}, "product": "awin_gw120", "vendor": "abb"}], "analysis": {"en": {"generated_at": "2026-03-19T14:39:28.895297+00:00", "value": {"mitigation_remediation": ["Check ABB's website or support portal for a firmware update that addresses the reboot control issue; apply the patch to all affected devices as soon as possible.", "If an update is not yet available, restrict network access to the devices by configuring firewall rules or VPN controls to limit who can connect to the devices.", "If the device provides an option to disable it, review configurations and turn off remote reboot functionality.", "Enable logging for reboot events and monitor logs regularly for unusual reboot activity."], "summary": {"action": "Immediate Patch", "impact": "Device Reboot without authentication"}, "threat_synthesis": {"affected_systems": "Affected vendors and products are ABB AWIN GW100 rev.2 with firmware versions 2.0-0 and 2.0-1, and ABB AWIN GW120 with firmware versions 1.2-0 and 1.2-1.", "description_and_impact": "The vulnerability is a missing authentication requirement for a critical device reboot function in ABB AWIN GW100 rev.2 and AWIN GW120. Without proper authentication, an attacker can trigger an immediate reboot of the device. This leads to a denial of service and could disrupt any processes or operations the device is performing. The weakness corresponds to CWE-306: Authentication Bypass Through ID or Password.", "risk_and_exploitability": "The CVSS score is 7.1, indicating a high impact vulnerability. EPSS is less than 1%, suggesting low current exploitation probability, and it is not listed in the CISA KEV catalog. Based on the lack of authentication for the reboot function, the likely attack vector is remote network access or local interface use if an attacker can reach the device. As the vulnerability description does not specify the exact attack path, this inference is based on the nature of the missing authentication and common exploitation techniques for device reboot controls."}}}}, "created": "2026-03-16T09:25:19.733142+00:00", "updated": "2026-03-23T12:02:59.245512+00:00", "vendors": ["abb", "abb$PRODUCT$awin_gw100_rev.2", "abb$PRODUCT$awin_gw120"]}