PatchSiren cyber security CVE debrief
CVE-2025-13778 ABB CVE debrief
CVE-2025-13778 affects ABB AWIN GW100 rev. 2 and GW120 firmware. According to the advisory, an unauthenticated query can reboot the device and cause denial of service. CISA’s CSAF advisory rates the issue 6.5 MEDIUM and recommends removing direct Internet exposure, using secure remote access, and upgrading to the fixed firmware versions.
- Vendor: ABB
- Product: AWIN
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-13
- Original CVE updated: 2026-04-30
- Advisory published: 2026-03-13
- Advisory updated: 2026-04-30
Who should care
OT and industrial control system operators using ABB AWIN GW100 rev. 2 or GW120 gateways, especially if any unit is exposed directly to the Internet, reachable from untrusted networks, or deployed without strong physical and network access controls.
Technical summary
The advisory describes an unauthenticated query that can trigger a remote reboot of the gateway, resulting in availability loss. CISA lists the CVSS v3.1 vector as AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (6.5). The remediation guidance says AWIN gateways should not be Internet-facing, should sit behind firewalls in the intended IEC 62443 hierarchy, and should be updated to the corrected firmware versions.
Defensive priority
Prioritize remediation for any exposed or remotely reachable gateway. Even though the CVSS score is MEDIUM, the impact is a device reboot that can interrupt OT operations, so exposed environments should treat this as a prompt maintenance and containment item.
Recommended defensive actions
- Take any AWIN gateways that are exposed directly to the Internet off that exposure and place them behind firewalls.
- Verify that strong physical controls prevent unauthorized access to devices, components, and networks.
- Upgrade to the fixed firmware versions listed in the advisory: AWIN GW100 rev. 2 v2.1-0 and AWIN GW120 v2.0-0.
- Use only secure methods for remote access; avoid exposing the gateways to untrusted networks.
- Contact ABB / ABB Service Support to obtain and apply the updated firmware as soon as possible.
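The actions above can be turned into an inventory triage. The following is an added example, not code from ABB, CISA or this page's source: it compares each gateway's firmware with the fixed versions named in the advisory and orders the work so that reachable, unpatched units come first. The inventory schema (name, model, firmware, untrusted_reachable), the bucket names and the assumption that firmware strings follow the "v2.1-0" pattern and compare numerically are all hypothetical.

```python
import re

# Fixed firmware versions as stated in the advisory text quoted on this page.
FIXED = {"GW100 rev. 2": (2, 1, 0), "GW120": (2, 0, 0)}
# Assumption: firmware strings look like "v2.1-0" and compare numerically per field.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)-(\d+)$")
ORDER = ["urgent-isolate-and-upgrade", "manual-review", "schedule-upgrade",  # most urgent first
         "patched-remove-exposure", "patched", "not-in-advisory"]


def parse_version(text):
    """Return (major, minor, build), or None if the string is not in the assumed format."""
    m = _VERSION.match(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def triage(device):
    """Map one inventory record (hypothetical schema) to an action bucket."""
    fixed = FIXED.get(device["model"])
    if fixed is None:
        return "not-in-advisory"
    current = parse_version(device["firmware"])
    if current is None:
        return "manual-review"  # unreadable version: never assume it is patched
    exposed = device["untrusted_reachable"]
    if current >= fixed:
        # Fixed firmware does not change the guidance to keep gateways off untrusted networks.
        return "patched-remove-exposure" if exposed else "patched"
    return "urgent-isolate-and-upgrade" if exposed else "schedule-upgrade"


def triage_inventory(inventory):
    """Return (bucket, name) pairs sorted by urgency, then by name."""
    rows = [(triage(d), d["name"]) for d in inventory]
    return sorted(rows, key=lambda row: (ORDER.index(row[0]), row[1]))


# Constructed sample inventory: names, versions and flags are invented for illustration.
SAMPLE = [
    {"name": "gw-a", "model": "GW100 rev. 2", "firmware": "v2.0-3", "untrusted_reachable": True},
    {"name": "gw-b", "model": "GW120", "firmware": "v1.9-2", "untrusted_reachable": False},
    {"name": "gw-c", "model": "GW120", "firmware": "v2.0-0", "untrusted_reachable": False},
    {"name": "gw-d", "model": "GW100 rev. 2", "firmware": "unknown", "untrusted_reachable": True},
    {"name": "gw-e", "model": "GW100 rev. 2", "firmware": "v2.10-0", "untrusted_reachable": True},
]

if __name__ == "__main__":
    for bucket, name in triage_inventory(SAMPLE):
        print(f"{name}  {bucket}")
```

Versions are compared as integer tuples, so "v2.10-0" sorts above "v2.1-0", which a plain string comparison would get wrong.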
Evidence notes
The source corpus includes the CISA CSAF advisory ICSA-26-120-05 and the linked ABB PSIRT advisory 4JNO000329. The advisory text states: “An unauthenticated query allows an attacker to remotely reboot the device, potentially causing a denial of service.” The remediation section states the problem is corrected in AWIN GW100 rev2 v2.1-0 and AWIN GW120 v2.0-0, and also says the gateways are not intended to be Internet-facing and should be installed behind firewalls. The CISA source shows an initial publication on 2026-03-13 and a CISA republication on 2026-04-30.
Official resources
- CVE-2025-13778 CVE record (CVE.org)
- CVE-2025-13778 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory on 2026-03-13 and republished it on 2026-04-30 based on ABB PSIRT advisory 4JNO000329.