ABB AWIN Gateways

Plan Patch | CVSS 8.3 | ICS-CERT ICSA-26-120-05 | Mar 13, 2026
ABB
Attack path
  • Attack Vector: Adjacent
  • Auth Required: None
  • Complexity: Low
  • User Interaction: None needed
Summary

ABB AWIN gateways contain vulnerabilities in the embedded webserver that allow unauthenticated remote attackers on the local network to take control of the device, reboot it, or extract sensitive system configuration. The gateways are designed for internal network deployment behind firewalls and should not be internet-facing. An attacker with network access to the gateway can send crafted requests to the webserver, which fails to properly validate requests before executing commands or returning configuration data. Affected versions are AWIN GW100 rev. 2 firmware 2.0-0 and 2.0-1, and AWIN GW120 firmware 1.2-0 and 1.2-1. Fixed firmware versions are available.

What this means
What could happen
An attacker with access to an AWIN gateway could remotely take control of the device, reboot it to cause service interruption, or extract sensitive system configuration data including network and operational details.
Who's at risk
This affects ABB AWIN GW100 rev. 2 and GW120 gateways used in water utilities, electric utilities, and other infrastructure facilities. These devices are typically installed in control rooms or remote sites to enable communication between field equipment and central SCADA/HMI systems. Any facility using older firmware versions of these gateway models should prioritize remediation.
How it could be exploited
An attacker on the local network (or with network access to the gateway) sends malicious requests to the embedded webserver. The gateway accepts these requests without proper authentication or authorization checks, allowing the attacker to execute commands or retrieve configuration data.
Prerequisites
  • Network access to the AWIN gateway (typically on a local network segment)
  • No authentication required to send requests to the webserver
Risk factors
  • Remotely exploitable from local network
  • No authentication required
  • Low attack complexity
  • Affects availability and confidentiality
  • Embedded device with firmware update dependency
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (6)
6 with fix
Product                                          Affected Versions   Fix Status
AWIN GW100 rev. 2                                2.0-0               Fix available
AWIN GW100 rev. 2                                2.0-1               Fix available
AWIN GW100 rev. 2 Product ID: 3BNP102988R1       2.0-0               2.1-0
AWIN GW100 rev. 2 Product ID: 3BNP102988R1       2.0-1               2.1-0
AWIN GW120 Product ID 3BNP103003R1               1.2-0               2.0-0
AWIN GW120 Product ID 3BNP103003R1               1.2-1               2.0-0
Remediation & Mitigation
Do now
  • WORKAROUND: Immediately disconnect any AWIN gateways directly exposed to the internet
  • WORKAROUND: Restrict network access to AWIN gateways to only authorized internal networks using firewall rules; block access from untrusted network segments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

AWIN GW100 rev. 2
  • HOTFIX: Update all AWIN GW100 rev. 2 devices to firmware version 2.1-0 or later
All products
  • HOTFIX: Update all AWIN GW120 devices to firmware version 2.0-0 or later
Long-term hardening
  • HARDENING: Implement physical access controls to prevent unauthorized personnel from connecting to or tampering with AWIN gateway devices and their network connections
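A firmware triage check built from the affected and fixed versions listed in this advisory, as an added example (not ABB's or the advisory's own code). The inventory rows and hostnames are constructed, and the `major.minor-build` reading of the firmware string is an assumption based on the version numbers shown above.

```python
import re

# Affected and fixed versions as listed in the advisory's product table.
ADVISORY = {
    "AWIN GW100 rev. 2": {"affected": ["2.0-0", "2.0-1"], "fixed": "2.1-0"},
    "AWIN GW120":        {"affected": ["1.2-0", "1.2-1"], "fixed": "2.0-0"},
}
_FW = re.compile(r"^(\d+)\.(\d+)-(\d+)$")  # assumed format: major.minor-build

def parse_fw(text):
    """Turn 'major.minor-build' into a comparable tuple; None if malformed."""
    m = _FW.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(model, firmware):
    """Classify one gateway as AFFECTED, FIXED, REVIEW or NOT_COVERED."""
    entry = ADVISORY.get(model.strip())
    if entry is None:
        return "NOT_COVERED"   # model is not named in this advisory
    fw = parse_fw(firmware)
    if fw is None:
        return "REVIEW"        # unreadable version string: check by hand
    if fw in {parse_fw(v) for v in entry["affected"]}:
        return "AFFECTED"
    if fw >= parse_fw(entry["fixed"]):
        return "FIXED"
    return "REVIEW"            # below the fix, but not a listed version

# Constructed sample inventory (hostnames are made up): name, model, firmware.
INVENTORY = [
    ("pump-gw-01", "AWIN GW100 rev. 2", "2.0-0"),
    ("pump-gw-02", "AWIN GW100 rev. 2", "2.1-0"),
    ("sub-gw-01",  "AWIN GW120",        "2.0-0"),  # same string, other model
    ("sub-gw-02",  "AWIN GW120",        "1.2-1"),
    ("sub-gw-03",  "AWIN GW120",        "1.1-0"),
    ("lab-gw-01",  "AWIN GW100 rev. 2", "unknown"),
]

def report(inventory):
    """Map each device name to its triage status."""
    return {name: triage(model, fw) for name, model, fw in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:12} {status}")
```

Firmware 2.0-0 is an affected version on the GW100 rev. 2 but the fixed version on the GW120, so the check has to be keyed on the model and not on the version string alone.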
API: /api/v1/advisories/83130942-c23d-43c9-863c-33fec1c27863
