CVE-2025-13778: CWE-306 Missing authentication for critical function in ABB AWIN GW100 rev.2
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
AI Analysis
Technical Summary
CVE-2025-13778 is a vulnerability categorized under CWE-306 (Missing Authentication for Critical Function) affecting ABB AWIN GW100 rev.2 and AWIN GW120 gateway devices. The flaw arises due to the absence of proper authentication controls on critical functions, enabling an attacker to perform a capture-replay attack to bypass authentication mechanisms. Specifically, the affected versions are AWIN GW100 rev.2 versions 2.0-0 and 2.0-1, and AWIN GW120 versions 1.2-0 and 1.2-1. The capture-replay attack involves intercepting legitimate authentication messages and replaying them to gain unauthorized access to critical device functions. According to the CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the attack requires adjacent network access (local network or VPN), has low attack complexity, requires no privileges or user interaction, and impacts availability only, causing denial of service conditions. The vulnerability does not compromise confidentiality or integrity of data but can disrupt device operation or network services dependent on these gateways. No patches or mitigations have been officially released by ABB at the time of publication, and no known exploits are reported in the wild. The affected devices are commonly used in industrial automation and critical infrastructure environments, where availability is paramount. The missing authentication on critical functions represents a significant security oversight that could be leveraged by attackers to disrupt operations or cause downtime.
Potential Impact
The primary impact of CVE-2025-13778 is on the availability of ABB AWIN GW100 rev.2 and AWIN GW120 devices, which serve as gateways in industrial automation and critical infrastructure networks. Successful exploitation can lead to denial of service, potentially disrupting communication between control systems and field devices. This disruption can halt industrial processes, cause operational delays, or trigger safety incidents depending on the deployment context. Since these devices are often integral to supervisory control and data acquisition (SCADA) systems or other operational technology (OT) environments, the impact can extend to national critical infrastructure sectors such as energy, manufacturing, transportation, and utilities. The lack of confidentiality and integrity impact reduces the risk of data theft or manipulation, but the availability impact alone can have severe operational and financial consequences. Organizations relying on these ABB gateways may face downtime, loss of productivity, and increased risk of cascading failures in interconnected systems. The absence of known exploits currently provides a window for remediation, but the low complexity and lack of required privileges make this vulnerability attractive for attackers with network access.
Mitigation Recommendations
1. Network Segmentation: Isolate ABB AWIN GW100 rev.2 and AWIN GW120 devices within dedicated network segments with strict access controls to limit exposure to trusted administrators and systems only.
2. Access Control: Implement strong network-level access controls such as VPNs, firewalls, and ACLs to restrict access to the affected devices to authorized personnel and systems.
3. Monitoring and Logging: Enable detailed logging and continuous monitoring of device access and network traffic to detect unusual replay or authentication bypass attempts.
4. Vendor Coordination: Engage with ABB support channels to obtain official patches or firmware updates addressing this vulnerability as soon as they become available.
5. Temporary Workarounds: If patches are unavailable, consider disabling or restricting access to the vulnerable critical functions remotely accessible on these devices.
6. Incident Response Preparedness: Develop and test incident response plans specific to availability disruptions in industrial control environments to minimize downtime impact.
7. Regular Firmware Audits: Maintain an inventory of affected devices and regularly audit firmware versions to ensure timely identification of vulnerable units.
8. Network Intrusion Detection: Deploy anomaly-based intrusion detection systems capable of identifying replay attacks or unusual authentication patterns targeting these gateways.
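One way to approach the replay monitoring in items 3 and 8, as an added example that is not ABB's or this page's own code: it assumes a passive sensor on the gateway segment exports one record per application message with a timestamp, source, destination and payload digest. The record layout, addresses and sample data are constructed for illustration and do not describe the AWIN protocol.

```python
import hashlib
from collections import namedtuple

# Hypothetical sensor record: one row per application message sent to a gateway.
Record = namedtuple("Record", "ts src dst digest")
Alert = namedtuple("Alert", "ts src dst reason first_src first_ts")


def find_replays(records, min_gap=5.0):
    """Flag byte-identical payloads that reappear at the same gateway.

    'new-source'   : digest previously seen from a different sender.
    'stale-repeat' : same sender, but min_gap seconds or more after first sight
                     (shorter gaps are treated as ordinary retransmissions).
    Protocols that legitimately repeat identical messages (keepalives) need an
    allow-list of digests or a tuned min_gap to avoid false positives.
    """
    first_seen = {}  # (dst, digest) -> first Record carrying that payload
    alerts = []
    for r in sorted(records, key=lambda rec: rec.ts):
        first = first_seen.setdefault((r.dst, r.digest), r)
        if first is r:
            continue  # first time this payload reaches this gateway
        if r.src != first.src:
            reason = "new-source"
        elif r.ts - first.ts >= min_gap:
            reason = "stale-repeat"
        else:
            continue
        alerts.append(Alert(r.ts, r.src, r.dst, reason, first.src, first.ts))
    return alerts


def _d(payload):
    return hashlib.sha256(payload).hexdigest()


# Constructed sample traffic (not captured from a real device).
GW = "10.0.5.2"
SAMPLE = [
    Record(0.0, "10.0.5.10", GW, _d(b"constructed-auth-msg")),
    Record(0.4, "10.0.5.10", GW, _d(b"constructed-auth-msg")),   # retransmission
    Record(1.0, "10.0.5.10", GW, _d(b"constructed-command")),
    Record(90.0, "10.0.5.77", GW, _d(b"constructed-auth-msg")),  # other sender
    Record(300.0, "10.0.5.10", GW, _d(b"constructed-command")),  # late repeat
]
```

Calling `find_replays(SAMPLE)` yields two alerts: the auth payload reappearing from 10.0.5.77, and the command payload repeated by its original sender after 299 seconds.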
Affected Countries
United States, Germany, China, France, United Kingdom, Japan, South Korea, Italy, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: ABB
- Date Reserved: 2025-11-28T14:22:33.054Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b40df72f860ef943ddd9ec
Added to database: 3/13/2026, 1:15:35 PM
Last enriched: 3/13/2026, 1:29:20 PM
Last updated: 3/13/2026, 4:41:06 PM