CVE-2025-26389


A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.


Published: 2025-05-13T10:15:23.513

Last Modified: 2025-10-06T10:34:26.037

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 10.0 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-78

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | siemens | ozw672_firmware | < 8.0 | Yes |
| Hardware | siemens | ozw672 | - | No |
| Operating System | siemens | ozw772_firmware | < 8.0 | Yes |
| Hardware | siemens | ozw772 | - | No |
