{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13779", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2025-11-28T14:22:33.792Z", "datePublished": "2026-03-13T13:11:11.547Z", "dateUpdated": "2026-03-13T14:11:57.527Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2026-03-13T13:11:11.547Z"}, "title": "Configuration Data Spill", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "affected": [{"vendor": "ABB", "product": "AWIN GW100 rev.2", "versions": [{"status": "affected", "version": "2.0-0", "versionType": "custom"}, {"status": "affected", "version": "2.0-1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ABB", "product": "AWIN GW120", "versions": [{"status": "affected", "version": "1.2-0", "versionType": "custom"}, {"status": "affected", "version": "1.2-1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.<p>This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.</p>"}]}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T14:11:49.624286Z", "id": "CVE-2025-13779", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T14:11:57.527Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13779", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T14:11:49.624286Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T14:11:53.590Z"}}], "cna": {"title": "Configuration Data Spill", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "AWIN GW100 rev.2", "versions": [{"status": "affected", "version": "2.0-0", "versionType": "custom"}, {"status": "affected", "version": "2.0-1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "ABB", "product": "AWIN GW120", "versions": [{"status": "affected", "version": "1.2-0", "versionType": "custom"}, {"status": "affected", "version": "1.2-1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.", "supportingMedia": [{"type": "text/html", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.<p>This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2026-03-13T13:11:11.547Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13779", "state": "PUBLISHED", "dateUpdated": "2026-03-13T14:11:57.527Z", "dateReserved": "2025-11-28T14:22:33.792Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2026-03-13T13:11:11.547Z", "assignerShortName": "ABB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}, {"lang": "es", "value": "Vulnerabilidad de falta de autenticaci\u00f3n para funci\u00f3n cr\u00edtica en ABB AWIN GW100 rev.2, ABB AWIN GW120. Este problema afecta a AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1."}], "id": "CVE-2025-13779", "lastModified": "2026-03-16T14:54:11.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2026-03-13T19:53:49.480", "references": [{"source": "cybersecurity@ch.abb.com", "url": "https://search.abb.com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0-0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0-1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AWIN GW100 rev.2", "source": "cna", "vendor": "ABB"}, "product": "awin_gw100_rev.2", "vendor": "abb"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2-0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2-1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AWIN GW120", "source": "cna", "vendor": "ABB"}, "product": "awin_gw120", "vendor": "abb"}], "analysis": {"en": {"generated_at": "2026-03-19T14:39:06.866160+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware or patch from ABB that corrects the missing authentication in the critical function (refer to ABB release notes or the provided download link).", "If an immediate firmware update is not possible, isolate the AWIN devices on a separate network segment or implement firewall rules to restrict external access to the management interfaces.", "After updating or isolating, confirm that all configuration and management functions now require proper authentication.", "Continuously monitor device logs for unauthenticated access attempts and block any such traffic."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Configuration Access"}, "threat_synthesis": {"affected_systems": "Affected vendors and products are ABB: AWIN GW100 rev.2 and ABB: AWIN GW120. The specific firmware versions vulnerable are AWIN GW100 rev.2: 2.0-0 and 2.0-1; AWIN GW120: 1.2-0 and 1.2-1. No other versions are listed as affected.\n", "description_and_impact": "The vulnerability is a missing authentication for a critical function in ABB AWIN GW100 rev.2 and GW120 devices. This flaw allows an attacker to access or modify configuration data without authenticating, potentially leading to unauthorized configuration changes and compromising the device\u2019s integrity and availability. The weakness is classified as CWE-306.\n", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high severity risk. The EPSS score is less than 1%, suggesting a low probability of exploitation currently, and the vulnerability is not included in the CISA KEV catalog. The likely attack vector is network\u2011based: an attacker with network access can send unauthenticated requests to the device\u2019s critical function, leading to configuration data exposure. This can be achieved without additional prerequisites.\n"}}}}, "created": "2026-03-16T09:25:18.344745+00:00", "updated": "2026-03-23T12:02:58.321770+00:00", "vendors": ["abb", "abb$PRODUCT$awin_gw100_rev.2", "abb$PRODUCT$awin_gw120"]}