Description
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Published: 2026-03-13
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Device Reboot without authentication
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a missing authentication requirement for a critical device reboot function in ABB AWIN GW100 rev.2 and AWIN GW120. Without proper authentication, an attacker can trigger an immediate reboot of the device. This leads to a denial of service and could disrupt any processes or operations the device is performing. The weakness corresponds to CWE-306: Authentication Bypass Through ID or Password.

Affected Systems

Affected vendors and products are ABB AWIN GW100 rev.2 with firmware versions 2.0-0 and 2.0-1, and ABB AWIN GW120 with firmware versions 1.2-0 and 1.2-1.

Risk and Exploitability

The CVSS score is 7.1, indicating a high impact vulnerability. EPSS is less than 1%, suggesting low current exploitation probability, and it is not listed in the CISA KEV catalog. Based on the lack of authentication for the reboot function, the likely attack vector is remote network access or local interface use if an attacker can reach the device. As the vulnerability description does not specify the exact attack path, this inference is based on the nature of the missing authentication and common exploitation techniques for device reboot controls.

Generated by OpenCVE AI on March 19, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check ABB's website or support portal for a firmware update that addresses the reboot control issue; apply the patch to all affected devices as soon as possible.
  • If an update is not yet available, restrict network access to the devices by configuring firewall rules or VPN controls to limit who can connect to the devices.
  • If the device provides an option to disable it, review configurations and turn off remote reboot functionality.
  • Enable logging for reboot events and monitor logs regularly for unusual reboot activity.

Generated by OpenCVE AI on March 19, 2026 at 14:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Abb
Abb awin Gw100 Rev.2
Abb awin Gw120
Vendors & Products Abb
Abb awin Gw100 Rev.2
Abb awin Gw120

Fri, 13 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

Fri, 13 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Title Device Reboot Control
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Abb Awin Gw100 Rev.2 Awin Gw120
cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-03-13T13:35:18.364Z

Reserved: 2025-11-28T14:22:33.054Z

Link: CVE-2025-13778

cve-icon Vulnrichment

Updated: 2026-03-13T13:35:14.451Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:53:49.283

Modified: 2026-03-16T14:54:11.293

Link: CVE-2025-13778

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:02:59Z

Weaknesses