CVE-2025-13777 is a vulnerability classified under CWE-294 (Authentication Bypass) affecting ABB AWIN GW100 rev.2 and AWIN GW120 devices. The flaw allows an attacker to bypass authentication by performing a capture-replay attack on the authentication mechanism. Specifically, an attacker can capture valid authentication data transmitted over the network and replay it to gain unauthorized access to the device without needing valid credentials or user interaction. The affected firmware versions are 2.0-0 and 2.0-1 for AWIN GW100 rev.2, and 1.2-0 and 1.2-1 for AWIN GW120. The vulnerability is remotely exploitable (Attack Vector: Adjacent Network), requires no privileges or user interaction, and has low attack complexity. The impact is high on confidentiality (full unauthorized access), low on integrity (some controls may remain intact), and high on availability (potential for service disruption). These ABB devices are typically used in industrial control systems and critical infrastructure environments, making this vulnerability particularly concerning. No patches or official fixes have been published yet, and no known exploits have been observed in the wild as of the publication date. The vulnerability was reserved in late 2025 and published in early 2026, indicating recent discovery and disclosure.

The vulnerability allows attackers to bypass authentication controls on ABB AWIN GW100 rev.2 and AWIN GW120 devices, potentially granting unauthorized access to critical industrial control systems. This can lead to unauthorized disclosure of sensitive operational data (high confidentiality impact), unauthorized commands or configuration changes (partial integrity impact), and disruption or denial of service of critical infrastructure components (high availability impact). Given these devices' role in industrial environments, exploitation could result in operational downtime, safety risks, and financial losses. The ease of exploitation without credentials or user interaction increases the threat level, especially in environments where these devices are accessible over adjacent networks. The absence of known exploits in the wild reduces immediate risk but does not diminish the potential for future attacks. Organizations relying on these ABB devices in sectors such as energy, manufacturing, and utilities face significant operational and security risks if this vulnerability is exploited.

1. Implement strict network segmentation to isolate ABB AWIN GW100 rev.2 and AWIN GW120 devices from general network access, limiting exposure to adjacent network attackers. 2. Employ robust network monitoring and intrusion detection systems to detect replay attacks or anomalous authentication attempts targeting these devices. 3. Restrict physical and logical access to the devices to trusted personnel and systems only. 4. Use VPNs or encrypted tunnels for remote access to reduce the risk of capture-replay attacks on authentication data. 5. Regularly audit device firmware versions and configurations to identify and track vulnerable devices. 6. Engage with ABB support channels to obtain updates or patches as they become available and apply them promptly. 7. Consider deploying additional authentication layers or compensating controls such as multi-factor authentication if supported by the environment. 8. Conduct security awareness training for operational technology (OT) staff to recognize and respond to potential exploitation attempts. 9. Develop and test incident response plans specific to industrial control system compromises involving these devices.