CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26390

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://cert-portal.siemens.com/productcert/html/ssa-047424.html

Products affected by CVE-2025-26390

Siemens » Ozw672 » Version: N/A

cpe:2.3:h:siemens:ozw672:-
Siemens » Ozw772 » Version: N/A

cpe:2.3:h:siemens:ozw772:-
Siemens » Ozw672 Firmware » Version: N/A

cpe:2.3:o:siemens:ozw672_firmware:-
Siemens » Ozw672 Firmware » Version: 5.2

cpe:2.3:o:siemens:ozw672_firmware:5.2
Siemens » Ozw772 Firmware » Version: N/A

cpe:2.3:o:siemens:ozw772_firmware:-
Siemens » Ozw772 Firmware » Version: 5.2

cpe:2.3:o:siemens:ozw772_firmware:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26390

Products

Pricing

Contact Us