CVE-2025-26390
PUBLISHED
CVSS 9.8 CRITICAL
A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.
EPSS 0.34% · 57.0th percentile
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.34%
57.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | OZW772 | 0 |
| siemens | ozw772_firmware | 0 |
| Siemens | OZW672 | 0 |
| siemens | ozw672_firmware | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-26390 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-047424.html (circl)
Timeline
- May 13, 2025 EPSS Score
- May 13, 2025 Coalition ESS Score
- May 13, 2025 CVE Published
- May 14, 2025 Coalition ESS Score
- May 15, 2025 PoC Published
- May 24, 2025 EPSS Score
- May 26, 2025 Coalition ESS Score
- Jun 5, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score