[Control systems] ABB security advisory (AV26-236)
# Vulnerability: Multiple Flaws in ABB AWIN Gateways Embedded Webserver
## CVE Details
* **CVE ID:** CVE-2025-13777, CVE-2025-13778, CVE-2025-13779
* **CVSS Score:** Not explicitly listed in the brief; vulnerabilities of this class in embedded webservers are typically rated **High**.
* **CWE:** Likely includes CWE-79 (Cross-site Scripting), CWE-22 (Path Traversal), or CWE-121 (Stack-based Buffer Overflow), based on standard embedded webserver flaw patterns.
## Affected Systems
* **Products:** AWIN GW100 rev.2 and AWIN GW120
* **Versions:**
    * AWIN GW100 rev.2: Versions 2.0-0 to 2.0-1
    * AWIN GW120: Versions 1.2-0 to 1.2-1
* **Configurations:** Systems utilizing the embedded webserver for management and configuration.
## Vulnerability Description
The vulnerabilities exist within the embedded webserver component of the ABB AWIN Gateways. These flaws typically involve improper validation of user-supplied input. While specific technical deep-dives for each CVE are contained in the vendor's PDF advisory, these types of vulnerabilities generally allow for unauthorized access, configuration manipulation, or denial-of-service (DoS) conditions on the gateway device.
## Exploitation
* **Status:** Not reported as exploited in the wild (as of the advisory date).
* **Complexity:** Low to Medium.
* **Attack Vector:** Network (Typically requires access to the management network or web interface).
## Impact
* **Confidentiality:** High (Potential exposure of device credentials or configuration data).
* **Integrity:** High (Potential for unauthorized modification of gateway settings).
* **Availability:** High (Potential for device instability or service interruption).
## Remediation
### Patches
ABB recommends updating to the following versions or later:
* **AWIN GW100 rev.2:** Update to version **2.0-2** (or higher).
* **AWIN GW120:** Update to version **1.2-2** (or higher).
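
The affected and fixed version ranges above can be checked against an asset inventory. The following is an added example, not code from ABB or the advisory; the CSV column names, host names and the `major.minor-build` parsing of firmware strings are assumptions. Versions are compared as integer tuples so that a build such as `2.0-10` is not sorted below `2.0-2`, as a plain string comparison would do.

```python
import csv
import io
import re

# Version ranges taken from the advisory: first affected, last affected, first fixed.
ADVISORY = {
    "AWIN GW100 rev.2": ((2, 0, 0), (2, 0, 1), (2, 0, 2)),
    "AWIN GW120": ((1, 2, 0), (1, 2, 1), (1, 2, 2)),
}

# Assumed firmware string format "major.minor-build", as written in the advisory.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\s*$")

# Constructed sample inventory (hypothetical host names and column layout).
SAMPLE_INVENTORY = """host,product,firmware
gw-a01,AWIN GW100 rev.2,2.0-1
gw-a02,AWIN GW100 rev.2,2.0-2
gw-a03,AWIN GW100 rev.2,2.0-10
gw-b01,AWIN GW120,1.2-0
gw-b02,AWIN GW120,1.1-4
gw-b03,AWIN GW120,unknown
gw-c01,Other Gateway,3.1-0
"""


def classify(product, firmware):
    """Map one inventory row to a triage status."""
    ranges = ADVISORY.get(product.strip())
    if ranges is None:
        return "not-in-advisory"
    match = VERSION_RE.match(firmware)
    if match is None:
        return "verify-manually"  # unreadable version: never assume it is patched
    version = tuple(int(part) for part in match.groups())
    first_affected, last_affected, first_fixed = ranges
    if first_affected <= version <= last_affected:
        return "affected"
    if version >= first_fixed:
        return "fixed"
    return "verify-manually"  # older than the listed range; the advisory is silent


def triage(inventory_csv):
    """Return {host: status} for every row of a CSV inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["product"], row["firmware"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
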
### Workarounds
* Disable the embedded webserver if not required for daily operations.
* Isolate the AWIN gateway management interface on a dedicated, firewalled Management VLAN.
* Restrict web interface access to specific, authorized IP addresses.
* Ensure the device is not reachable from the public internet.
## Detection
* **Indicators of Compromise:** Monitor for unusual administrative logins, unexpected reboots, or changes to the device baseline configuration.
* **Detection Methods:** Use Network Intrusion Detection Systems (NIDS) to monitor for suspicious HTTP requests directed at the AWIN gateway management ports.
## References
* ABB Security Advisory (4JNO000329): hxxps[://]search[.]abb[.]com/library/Download.aspx?DocumentID=4JNO000329&LanguageCode=en&DocumentPartId=&Action=Launch
* ABB Cyber Security Alerts: hxxps[://]global[.]abb/group/en/technology/cyber-security/alerts-and-notifications
* Canadian Centre for Cyber Security (AV26-236): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-236