cvebase

Siemens Ozw672 vulnerabilities

3 known vulnerabilities affecting siemens/ozw672.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1

Vulnerabilities

CVE-2025-26389 | P2 | CRITICAL | CVSS 9.8 | fixed in V8.0 | 2025-05-13
CWE-78. A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Source: nvd
CVE-2025-26390 | P2 | CRITICAL | CVSS 9.8 | fixed in V6.0 | 2025-05-13
CWE-89. A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.
Source: nvd
CVE-2024-36140 | P4 | MEDIUM | CVSS 5.4 | fixed in V5.2 | 2024-11-12
CWE-79. A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with
Source: nvd