PatchSiren cyber security CVE debrief
CVE-2025-13779 ABB CVE debrief
CVE-2025-13779 is a high-severity information-disclosure issue in ABB AWIN gateways. According to the advisory corpus, an unauthenticated query can reveal system configuration and other sensitive details. The issue was publicly disclosed on 2026-03-13 and later republished by CISA on 2026-04-30. ABB lists fixed firmware versions for the affected gateway lines and recommends upgrading as soon as possible, especially where the devices are reachable from untrusted networks or exposed for remote access.
- Vendor
- ABB
- Product
- AWIN
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-13
- Original CVE updated
- 2026-04-30
- Advisory published
- 2026-03-13
- Advisory updated
- 2026-04-30
Who should care
OT/ICS operators, plant engineers, and security teams responsible for ABB AWIN GW100 rev. 2 and GW120 gateways, especially environments where gateways are Internet-exposed, remotely reachable, or not tightly segmented behind firewalls.
Technical summary
The advisory describes an unauthenticated query that exposes system configuration and sensitive details on ABB AWIN gateways. The supplied CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H) indicates an adjacent-network attack path with no privileges or user interaction required, and a high impact to confidentiality plus meaningful integrity and availability impact. The corpus identifies remediation in AWIN GW100 rev. 2 firmware v2.1-0 and AWIN GW120 firmware v2.0-0. The source set does not include evidence of active exploitation or a KEV listing.
Defensive priority
High priority for any environment running the affected ABB AWIN firmware, with urgent attention if the gateways are reachable from adjacent networks, remotely accessible, or Internet-exposed.
Recommended defensive actions
- Upgrade affected ABB AWIN gateways to the fixed firmware versions identified in the advisory: GW100 rev. 2 v2.1-0 and GW120 v2.0-0.
- Stop and disconnect any AWIN gateways that are exposed directly to the Internet.
- Ensure AWIN gateways are installed behind firewalls and are not Internet-facing.
- Use secure methods for any required remote access.
- Apply physical access controls so unauthorized personnel cannot access the devices, components, peripheral equipment, or networks.
- Contact ABB to obtain the updated firmware and have ABB service support apply the update at the earliest convenience.
Evidence notes
This debrief is based on the supplied CISA CSAF republishing of ABB PSIRT advisory 4JNO000329 for ICSA-26-120-05, titled "ABB AWIN Gateways." The source description states: "An unauthenticated query reveals the system configuration, including sensitive details." The advisory lists the affected and fixed firmware versions and provides the CVSS 3.1 vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H with a score of 8.3 (HIGH). The corpus shows no KEV entry and no reported ransomware use. The vendor field in the source metadata is marked low confidence and needs review, so product attribution should be treated as advisory-backed rather than independently validated here.
Official resources
-
CVE-2025-13779 CVE record
CVE.org
-
CVE-2025-13779 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Initial public disclosure is dated 2026-03-13, with a CISA republication update on 2026-04-30.