CVE-2025-26390 · CRITICAL 9.8 · EPSS p41.8%

Description

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.8% · 2026-06-18T12:00:27Z
Published: 2025-05-13
Last modified: 2025-10-03

Underlying weaknesses · 1

CWE-89

References

  1. https://cert-portal.siemens.com/productcert/html/ssa-047424.html

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-26389
CVE: CVE-2026-20998
CVE: CVE-2026-24789
CVE: CVE-2026-28536
CVE: CVE-2025-46272
CVE: CVE-2025-41652

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.