CVE-2025-26390 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-26390 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.

EPSS 0.34% · 56.5th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.34%

56.5th percentile

Affected Products

Vendor	Product	Versions
Siemens	OZW772	0
siemens	ozw772_firmware	0
Siemens	OZW672	0
siemens	ozw672_firmware	0

Timeline

Feb 7, 2025 CVE ID Reserved
May 13, 2025 EPSS Score
May 13, 2025 Coalition ESS Score
May 13, 2025 CVE Published
May 13, 2025 CVE Updated
May 14, 2025 Coalition ESS Score
May 15, 2025 PoC Published
May 24, 2025 EPSS Score
May 26, 2025 Coalition ESS Score
Jun 4, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 26, 2025 EPSS Score

References

Open in Interactive Console →