CVE-2025-13779 identifies a missing authentication vulnerability (CWE-306) in ABB's AWIN GW100 rev.2 and AWIN GW120 industrial gateway devices. Specifically, certain critical functions within these devices do not require authentication, allowing unauthenticated remote attackers to invoke these functions without any user interaction. The affected versions include AWIN GW100 rev.2 versions 2.0-0 and 2.0-1, and AWIN GW120 versions 1.2-0 and 1.2-1. The vulnerability has a CVSS v3.1 base score of 8.3, indicating high severity, with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact metrics indicate high confidentiality impact, low integrity impact, and high availability impact. This suggests that attackers can potentially extract sensitive information and cause significant service disruption, though the ability to alter data is limited. The lack of authentication on critical functions could allow attackers to manipulate device operations, potentially disrupting industrial processes or exposing sensitive operational data. No patches or exploits are currently reported, but the vulnerability's nature and affected device roles make it a critical concern for industrial control system security. ABB devices like AWIN gateways are commonly used in industrial automation and critical infrastructure, increasing the potential impact of exploitation.

The vulnerability poses a significant risk to organizations relying on ABB AWIN GW100 rev.2 and AWIN GW120 devices, commonly deployed in industrial automation and critical infrastructure environments. Exploitation could lead to unauthorized access to critical device functions, resulting in potential leakage of sensitive operational data (high confidentiality impact). Attackers could disrupt device availability, causing downtime or interruption of industrial processes (high availability impact). Although integrity impact is rated low, unauthorized function execution could indirectly affect process integrity or safety. The lack of authentication means attackers can exploit this remotely without credentials or user interaction, increasing the attack surface and ease of exploitation. This could lead to operational disruptions, safety hazards, financial losses, and damage to organizational reputation. Given the critical role of these gateways in industrial networks, the vulnerability could also facilitate lateral movement or serve as a foothold for more extensive attacks on industrial control systems.

Organizations should immediately inventory their ABB AWIN GW100 rev.2 and AWIN GW120 devices to identify affected versions (2.0-0, 2.0-1 for GW100 rev.2; 1.2-0, 1.2-1 for GW120). Until official patches are released by ABB, implement strict network segmentation to isolate these devices from untrusted networks, limiting access to trusted management networks only. Employ access control lists (ACLs) and firewall rules to restrict communication to and from these gateways, especially blocking access from adjacent networks where possible. Monitor network traffic for unusual or unauthorized access attempts targeting these devices. Enable logging and alerting on device management interfaces to detect potential exploitation attempts. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous activity related to these gateways. Once ABB releases patches or firmware updates addressing this vulnerability, prioritize their deployment in all affected environments. Additionally, review and harden device configurations to disable unused services and enforce strong authentication mechanisms where possible.