← back
CVE-2025-26390

CVE-2025-26390

CVSS 9.3 CRITICALEPSS 0.6%CWE-89
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Siemens · OZW672Siemens · OZW772

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-047424.html