Machine-generated analysis · WAYSCloud LLM
An authentication bypass vulnerability allows unauthenticated querying of system configuration on ABB AWIN Gateways. The advisory notes deployment in critical manufacturing sectors.
Context
ABB AWIN Gateways are industrial control devices used in critical manufacturing environments. The advisory states that successful exploitation could allow remote device reboot or unauthenticated access to sensitive system configuration data. The vulnerability is attributed to improper session validation and missing authentication for critical functions. Fixed firmware versions 2.1-0 for GW100 and 2.0-0 for GW120 are explicitly listed as remediation.
Operator considerations
Check: Inventory all ABB AWIN GW100 rev.2 and GW120 devices for affected firmware versions 2.0-0, 2.0-1, 1.2-0, and 1.2-1
Successful exploitation of these vulnerabilities could allow an attacker to remotely reboot the device or complete an unauthenticated query to reveal system configuration, including sensitive details.
Read the full advisory on CISA →