PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-13777 ABB CVE debrief

CVE-2025-13777 is a high-severity ABB AWIN gateway issue in which an unauthenticated query can reveal data because of improper session validation. CISA's advisory was first published on 2026-03-13 and republished on 2026-04-30 with ABB PSIRT materials; affected products include the AWIN GW100 rev. 2 and AWIN GW120 firmware lines listed in the advisory. ABB states the issue is corrected in GW100 rev. 2 v2.1-0 and GW120 v2.0-0.

Vendor: ABB
Product: AWIN
CVSS: HIGH 8.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-13
Original CVE updated: 2026-04-30
Advisory published: 2026-03-13
Advisory updated: 2026-04-30

Who should care

Industrial control system operators using ABB AWIN GW100 rev. 2 or GW120 gateways, especially any deployment that may be reachable from untrusted networks or used for remote access. Security teams responsible for OT segmentation, device hardening, and firmware management should treat this as a priority remediation item.

Technical summary

The advisory describes an authentication bypass caused by improper session validation. The supplied CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H) corresponds to the 8.3 HIGH rating: an attacker on an adjacent network (AV:A) needs no privileges (PR:N) and no user interaction (UI:N) to access data without authentication, with high confidentiality and availability impact and limited integrity impact. ABB and CISA recommend firmware upgrades and reduction of network and physical exposure, including avoiding direct Internet exposure and using secure remote access methods.

Defensive priority

High. This is an authentication control failure affecting OT gateways, so exposure reduction and firmware remediation should be handled promptly, especially where gateways are reachable from adjacent networks or support remote operations.

Recommended defensive actions

  • Upgrade affected devices to the fixed firmware versions listed by ABB: AWIN GW100 rev. 2 v2.1-0 and AWIN GW120 v2.0-0.
  • Stop and disconnect any AWIN gateways that are exposed directly to the Internet.
  • Ensure AWIN gateways are installed behind firewalls and are not treated as Internet-facing devices.
  • When remote access is required, use only secure remote access methods to reach the gateways.
  • Apply physical access controls so unauthorized personnel cannot access devices, components, peripheral equipment, or networks.
  • Contact ABB Service Support to obtain and apply the updated firmware as soon as possible.
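To turn the actions above into an inventory check, here is an added Python triage script (written for this debrief, not code from PatchSiren, ABB or CISA) that flags AWIN gateways running firmware below the fixed versions named in the advisory and ranks them by exposure. It assumes ABB version strings such as v2.1-0 order as major.minor-build, and the inventory it runs on is a constructed sample.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixed firmware versions as stated in the ABB/CISA advisory for CVE-2025-13777.
FIXED_FIRMWARE = {
    ("AWIN GW100", "2"): "v2.1-0",   # GW100 rev. 2
    ("AWIN GW120", None): "v2.0-0",  # GW120 (advisory names no revision)
}
_VERSION = re.compile(r"^v?(\d+)\.(\d+)-(\d+)$")
_ORDER = {"critical": 0, "high": 1, "not-in-scope": 2, "patched": 3}
def parse_version(text: str) -> Tuple[int, ...]:
    # Assumption: 'v2.1-0' orders as major.minor-build; ABB's scheme is not in the advisory.
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())

@dataclass
class Gateway:
    name: str
    product: str             # "AWIN GW100" or "AWIN GW120"
    revision: Optional[str]  # hardware revision, e.g. "2" for GW100 rev. 2
    firmware: str            # running firmware, e.g. "v2.0-3"
    internet_exposed: bool   # reachable directly from the Internet
    remote_access: bool      # used for remote operations

def assess(gw: Gateway) -> Tuple[str, str]:
    """Return (priority, reason) for one gateway, following the advisory's actions."""
    key = (gw.product, gw.revision if gw.product == "AWIN GW100" else None)
    fixed = FIXED_FIRMWARE.get(key)
    if fixed is None:
        return ("not-in-scope", "product/revision not named in the advisory")
    if parse_version(gw.firmware) >= parse_version(fixed):
        return ("patched", f"firmware {gw.firmware} is at or above {fixed}")
    if gw.internet_exposed:
        return ("critical", f"{gw.firmware} < {fixed} and Internet-exposed: disconnect, then upgrade")
    if gw.remote_access:
        return ("high", f"{gw.firmware} < {fixed}; remote access must use secure methods until upgraded")
    return ("high", f"{gw.firmware} < {fixed}; exploitable from an adjacent network (AV:A), upgrade promptly")

def triage(inventory: List[Gateway]) -> List[Tuple[str, str, str]]:
    # Most urgent first; sorted() is stable, so inventory order is kept within a priority.
    return sorted(((gw.name, *assess(gw)) for gw in inventory), key=lambda row: _ORDER[row[1]])
# Constructed sample inventory (not real devices); run with: print(triage(SAMPLE))
SAMPLE = [
    Gateway("plant-gw-01", "AWIN GW100", "2", "v2.0-3", internet_exposed=True, remote_access=True),
    Gateway("plant-gw-02", "AWIN GW120", None, "v1.8-1", internet_exposed=False, remote_access=True),
    Gateway("plant-gw-03", "AWIN GW100", "2", "v2.1-0", internet_exposed=False, remote_access=False),
]
```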

Evidence notes

All claims are taken from the supplied CISA CSAF source item for ICSA-26-120-05 and its referenced ABB PSIRT advisory materials. The advisory description explicitly states: 'An unauthenticated query reveals data. Authentication Bypass due to Improper Session Validation.' The source metadata shows initial publication on 2026-03-13 and a CISA republication on 2026-04-30.

Official resources

First published 2026-03-13; CISA republished ABB PSIRT advisory content on 2026-04-30.