{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/industrial_control_systems/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":6.5,"id":"CVE-2025-13778"},{"cvss":8.3,"id":"CVE-2025-13777"},{"cvss":8.3,"id":"CVE-2025-13779"}],"_cs_exploited":false,"_cs_products":["ABB AWIN Firmware (2.0-0)","ABB AWIN Firmware (2.0-1)","ABB AWIN Firmware (1.2-0)","ABB AWIN Firmware (1.2-1)"],"_cs_severities":["high"],"_cs_tags":["ics","vulnerability","industrial_control_systems"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB AWIN Gateways are vulnerable to multiple security flaws that could be exploited by unauthenticated attackers. These vulnerabilities impact ABB AWIN GW100 rev.2 and GW120 devices running specific firmware versions (2.0-0, 2.0-1, 1.2-0, and 1.2-1). Successful exploitation of these vulnerabilities can lead to a denial-of-service condition via remote reboot or the disclosure of sensitive system configuration information, potentially compromising critical manufacturing infrastructure. The vulnerabilities stem from authentication bypass and missing authentication for critical functions. Firmware versions 2.1-0 for GW100 rev. 2 and 2.0-0 for GW120 address these issues.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an exposed ABB AWIN Gateway on a network (likely adjacent network).\u003c/li\u003e\n\u003cli\u003eAttacker sends a crafted, unauthenticated request to the targeted gateway to trigger CVE-2025-13778.\u003c/li\u003e\n\u003cli\u003eThe ABB AWIN Gateway processes the request without authentication.\u003c/li\u003e\n\u003cli\u003eThe gateway initiates a reboot, causing a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker sends another crafted, unauthenticated request to trigger CVE-2025-13777 or CVE-2025-13779.\u003c/li\u003e\n\u003cli\u003eThe gateway responds to the request, disclosing sensitive system configuration information.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the disclosed information to gain further insight into the network and potentially plan further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can have significant impacts, particularly within critical manufacturing sectors where these gateways are deployed. A remote reboot (CVE-2025-13778) can disrupt operations, leading to production downtime and financial losses. Disclosure of sensitive system configuration information (CVE-2025-13777, CVE-2025-13779) can provide attackers with valuable insights, enabling them to plan further attacks, such as gaining unauthorized access to other systems or manipulating industrial processes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch affected ABB AWIN Gateways to the fixed versions (ABB AWIN Firmware 2.1-0 installed on ABB AWIN GW100 rev. 2 and ABB AWIN Firmware 2.0-0 installed on ABB AWIN GW120) as recommended in the ABB PSIRT security advisory 4JNO000329.\u003c/li\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and systems, ensuring they are not accessible from the internet as recommended by CISA.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unauthenticated requests to ABB AWIN Gateways, specifically targeting endpoints related to system reboot or configuration retrieval using the provided Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T12:00:00Z","date_published":"2026-04-30T12:00:00Z","id":"/briefs/2026-04-abb-awin-gateways/","summary":"Multiple vulnerabilities in ABB AWIN Gateways allow an unauthenticated attacker to remotely reboot the device (CVE-2025-13778) or disclose sensitive system configuration details (CVE-2025-13777, CVE-2025-13779).","title":"ABB AWIN Gateway Vulnerabilities Allow Remote Reboot and Information Disclosure","url":"https://feed.craftedsignal.io/briefs/2026-04-abb-awin-gateways/"}],"language":"en","title":"CraftedSignal Threat Feed — Industrial_control_systems","version":"https://jsonfeed.org/version/1.1"}