AWIN Gateways Vulnerabilities in Embedded Webserver

Plan Patch | CVSS 8.3 | 4jno000329 | Mar 13, 2026
ABB
Attack path
  • Attack Vector: Adjacent
  • Auth Required: None
  • Complexity: Low
  • User Interaction: None needed
Summary

ABB AWIN GW100 rev2 and GW120 gateways contain vulnerabilities in their embedded web server that allow unauthenticated remote command execution and configuration disclosure. An attacker with network access to an affected gateway can remotely reboot the device (causing denial of service) or extract system configuration information. The vulnerability affects GW100 rev2 versions 2.0-0 and 2.0-1, and GW120 versions 1.2-0 and 1.2-1. ABB states that patches are available and customers should update to GW100 rev2 v2.1-0 or GW120 v2.0-0.

What this means
What could happen
An attacker with access to an AWIN gateway could remotely execute commands to reboot the device or halt operations, and extract system configuration details. This could cause brief service interruptions or expose sensitive network architecture information.
Who's at risk
Water and power utilities using ABB AWIN gateway products (GW100 rev2 or GW120) for remote site monitoring and control should review their network placement and firmware versions. These devices are typically found at pumping stations, substations, or remote water treatment facilities where they bridge SCADA networks to central management systems.
How it could be exploited
An attacker on the same network segment as an AWIN gateway (or having reached the local network via prior compromise) can send unauthenticated requests to the embedded web server. The server does not properly validate requests, allowing the attacker to execute commands or access configuration data without credentials.
Prerequisites
  • Network access to the AWIN gateway (local network or via compromised IT system)
  • No authentication required
  • AWIN gateway running affected firmware versions (GW100 rev2 v2.0-x or GW120 v1.2-x)
  • Remotely exploitable if accessible on the network
  • No authentication required
  • Low-complexity attack
  • Affects critical infrastructure communication gateways
  • Vendor patches are available for all four listed product versions
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (4)
4 with fix
Product | Product ID | Affected Version | Fix Status
AWIN GW100 rev. 2 | 3BNP102988R1 | 2.0-0 | Fixed in 2.1-0
AWIN GW100 rev. 2 | 3BNP102988R1 | 2.0-1 | Fixed in 2.1-0
AWIN GW120 | 3BNP103003R1 | 1.2-0 | Fixed in 2.0-0
AWIN GW120 | 3BNP103003R1 | 1.2-1 | Fixed in 2.0-0
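The practical first step for an operator is to run the affected-products table against an asset inventory and see which gateways need a firmware change. The script below is an added example for that triage, not code from ABB or from this advisory: the product IDs, affected versions and fix releases are taken from the table above, the inventory records are constructed, and it assumes (as a conservative reading of the advisory, which only enumerates the 2.0-x and 1.2-x releases) that any firmware older than the fix release should be flagged for review rather than ignored.

```python
"""Triage an asset inventory against the ABB AWIN GW100 rev2 / GW120 advisory.

Added example, not ABB's or the advisory's own code. Product IDs and version
data come from the advisory table; the inventory below is constructed.
Assumption: firmware older than the fix release but not explicitly listed as
affected is reported as 'review' so nobody silently skips it.
"""
import csv
import io
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Product ID -> (product name, first fixed firmware), per the advisory table.
FIXED_IN = {
    "3BNP102988R1": ("AWIN GW100 rev. 2", "2.1-0"),
    "3BNP103003R1": ("AWIN GW120", "2.0-0"),
}

# Firmware versions the advisory explicitly lists as affected.
LISTED_AFFECTED = {
    "3BNP102988R1": {"2.0-0", "2.0-1"},
    "3BNP103003R1": {"1.2-0", "1.2-1"},
}

# ABB writes these firmware versions as major.minor-build, e.g. "2.0-1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'major.minor-build' into a tuple so versions compare numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    major, minor, build = (int(x) for x in m.groups())
    return (major, minor, build)


def classify(product_id: str, firmware: str) -> str:
    """Return 'fixed', 'affected', 'review' or 'not-in-scope' for one device."""
    product_id = product_id.strip()
    if product_id not in FIXED_IN:
        return "not-in-scope"
    _, fix = FIXED_IN[product_id]
    if parse_version(firmware) >= parse_version(fix):
        return "fixed"
    if firmware.strip() in LISTED_AFFECTED[product_id]:
        return "affected"
    # Older than the fix but not enumerated by the advisory: flag for review
    # (assumption made by this example, see module docstring).
    return "review"


@dataclass
class Finding:
    site: str
    ip: str
    product_id: str
    firmware: str
    status: str
    target_firmware: Optional[str]  # fix release to upgrade to, if any


def triage(inventory_csv: str) -> List[Finding]:
    """Classify every row of a site,ip,product_id,firmware CSV export."""
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        pid = row["product_id"].strip()
        status = classify(pid, row["firmware"])
        target = FIXED_IN[pid][1] if status in ("affected", "review") else None
        findings.append(Finding(row["site"], row["ip"], pid,
                                row["firmware"].strip(), status, target))
    return findings


# Constructed inventory export for the example; the hosts and addresses are
# made up, and the 1.1-0 GW120 entry exists only to exercise the 'review' path.
SAMPLE_INVENTORY = """site,ip,product_id,firmware
pump-station-7,10.20.1.5,3BNP102988R1,2.0-1
substation-b,10.20.2.5,3BNP102988R1,2.1-0
wtp-north,10.20.3.5,3BNP103003R1,1.2-0
wtp-north,10.20.3.6,3BNP103003R1,1.1-0
hmi-1,10.20.4.5,3BNP999999R1,5.0-0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        action = f"upgrade to {f.target_firmware}" if f.target_firmware else "no action"
        print(f"{f.site:16} {f.ip:12} {f.product_id:14} {f.firmware:6} {f.status:12} {action}")
```

Feed it a real export from your asset inventory with the same four columns; anything reported as "affected" or "review" should be scheduled into the maintenance window described below, and "not-in-scope" rows are simply products this advisory does not cover.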
Remediation & Mitigation
Do now
WORKAROUND: Disconnect any AWIN gateways that are directly exposed to the Internet
HARDENING: Restrict network access to AWIN gateways to only authorized personnel and systems on the local network using firewall rules and network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade AWIN GW100 rev2 units to firmware v2.1-0 or later
HOTFIX: Upgrade AWIN GW120 units to firmware v2.0-0 or later
HARDENING: When remote access to the gateway is required, use only secure methods (e.g., VPN, SSH) rather than direct internet exposure
Long-term hardening
HARDENING: Implement physical access controls to prevent unauthorized personnel from connecting to or modifying the gateway