CVE-2025-13777
Deferred
Deferred - Pending Action
Authentication Bypass via Replay Attack in ABB AWIN GW100/GW
Publication date: 2026-03-13
Last updated on: 2026-05-19
Assigner: Asea Brown Boveri Ltd. (ABB)
Description
Description
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| abb | awin_gw100 | From 2.0-0 (inc) to 2.0-1 (inc) |
| abb | awin_gw120 | From 1.2-0 (inc) to 1.2-1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
