cvedb.io
CVE-2025-26390
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-05-13T10:15:23.703 · Last modified 2026-06-17T09:01:41.400

Summary

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.

Affected products

siemens — ozw672_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when siemens ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.