CVE-2025-26390
published 2025-05-13


Priority: P269
CVSS 3.1: 9.8 (critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (42.0th percentile)
A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.
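The advisory does not disclose the affected query or the payload, so the following is an added, generic illustration of the bug class (it is not the OZW672/OZW772 firmware code and the table schema, field names and credentials are constructed for the example). It places an authentication check that splices the submitted username and password into SQL beside the parameterized form, and shows why the first one lets a request with any password come back as the Administrator row:

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration.
    Not the OZW672/OZW772 schema, which the advisory does not disclose.
    Secrets are stored in clear only to keep the example short; a real
    service compares against a salted password hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("Administrator", "s3cret-admin", "admin"),
         ("operator", "op-pass", "user")],
    )
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Authentication check that concatenates untrusted input into SQL (CWE-89).
    A username such as  Administrator' --  closes the string literal and
    comments out the password comparison, so the Administrator row is
    returned whatever password was supplied."""
    query = ("SELECT name, role FROM users WHERE name = '" + username
             + "' AND secret = '" + password + "'")
    return db.execute(query).fetchone()  # (name, role) or None


def login_fixed(db, username, password):
    """Same check with bound parameters: the driver passes both values as data,
    so quote and comment characters never reach the SQL parser."""
    return db.execute(
        "SELECT name, role FROM users WHERE name = ? AND secret = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload_user = "Administrator' --"   # closes the literal, comments out the rest
    print("vulnerable:", login_vulnerable(db, payload_user, "wrong"))
    print("fixed:     ", login_fixed(db, payload_user, "wrong"))
    print("fixed, real credentials:", login_fixed(db, "Administrator", "s3cret-admin"))
```

Running the script shows the vulnerable check returning the Administrator row for a wrong password, the fixed check returning nothing for the same input, and the fixed check still accepting the real credentials. The parameterized query is the fix pattern; on the devices themselves the only remedy the advisory offers is the V6.0 firmware.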

Affected

4 ranges

Vendor    Product            Version range   Fixed in
siemens   ozw672             < V6.0          V6.0
siemens   ozw672_firmware    < 6.0           6.0
siemens   ozw772             < V6.0          V6.0
siemens   ozw772_firmware    < 6.0           6.0

Detection & IOCs

  • SQL injection in the web service authentication check of Siemens OZW672/OZW772 (all versions < V6.0) allows an unauthenticated remote attacker to bypass authentication and log in as Administrator. Monitor for anomalous or malformed authentication requests to the OZW web service, in particular login parameters carrying SQL metacharacters (quotes, comment sequences, boolean tautologies).
  • A successful bypass yields a valid Administrator session, so an Administrator login from an unexpected source, or one that follows malformed login attempts, is itself the event to alert on.
  • No known public exploitation specifically targeting this vulnerability had been reported at the time of advisory publication.
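As an added example of the monitoring suggested above (not code from the advisory or from Siemens), the following scans URL-encoded login bodies for SQL metacharacters and tautologies in the credential fields. The field names `user` and `pwd` and the sample requests are assumptions constructed for the example; the OZW web service's actual parameter names are not given in the advisory, so substitute the ones observed on the wire.

```python
import re
from urllib.parse import parse_qs

# Heuristic signatures for SQL injection attempts in authentication parameters.
SIGNATURES = [
    ("single_quote", re.compile(r"'")),
    ("sql_comment", re.compile(r"--|/\*")),
    ("tautology", re.compile(r"\b(or|and)\b\s+\S+\s*=\s*\S+", re.I)),
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("statement_separator", re.compile(r";")),
]

# Assumed credential field names; adjust to what the OZW web service actually uses.
AUTH_FIELDS = ("user", "pwd")

# Constructed sample request bodies (not captured OZW traffic).
SAMPLE_BODIES = [
    "user=operator&pwd=op-pass",                 # benign
    "user=Administrator%27+--&pwd=x",            # quote + comment: classic bypass shape
    "user=%27+OR+1%3D1+--&pwd=anything",         # quote + tautology + comment
    "user=O%27Brien&pwd=hunter2",                # apostrophe in a legitimate name
]


def classify_login_body(body):
    """Return {field: [signature names]} for every credential field that matched."""
    params = parse_qs(body)
    hits = {}
    for field in AUTH_FIELDS:
        for value in params.get(field, []):
            matched = [name for name, rx in SIGNATURES if rx.search(value)]
            if matched:
                hits[field] = matched
    return hits


def severity(hits):
    """A lone quote is noisy (names like O'Brien); anything more is a strong signal."""
    names = {n for matched in hits.values() for n in matched}
    if not names:
        return "none"
    if names == {"single_quote"}:
        return "low"
    return "high"


def scan(bodies):
    """Scan a sequence of login bodies and return the flagged ones in order."""
    results = []
    for index, body in enumerate(bodies):
        hits = classify_login_body(body)
        sev = severity(hits)
        if sev != "none":
            results.append({"index": index, "severity": sev, "hits": hits})
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE_BODIES):
        print(r)
```

Signature matching of this kind catches the obvious payload shapes and is cheap to run over web server or proxy logs, but it is not a control: alternative encodings and payloads without the usual metacharacters will pass it, and a single quote alone is a weak signal. Treat a "high" hit as a trigger to check whether an Administrator session was subsequently established, and rely on the V6.0 update for the actual fix.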

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 9.3 CRITICAL
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X