Ozw772 Firmware

ozw772_firmware

Vendor: Siemens • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-26390 1Siemens 2Ozw672 Firmware Ozw772 Firmware Oct 3, 2025 May 13, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an...Show more A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.Show less
CVE-2025-26389 1Siemens 2Ozw672 Firmware Ozw772 Firmware Oct 6, 2025 May 13, 2025 10.0 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint....Show more A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.Show less
CVE-2024-36140 1Siemens 2Ozw672 Firmware Ozw772 Firmware Nov 15, 2024 Nov 12, 2024 8.2 HIGH· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow...Show more A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker.Show less
CVE-2019-13941 1Siemens 2Ozw672 Firmware Ozw772 Firmware Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated us...Show more A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.Show less
CVE-2017-6873 1Siemens 2Ozw672 Firmware Ozw772 Firmware May 13, 2026 Aug 8, 2017 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the...Show more A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.Show less
CVE-2017-6872 1Siemens 2Ozw672 Firmware Ozw772 Firmware May 13, 2026 Aug 8, 2017 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.
CVE-2016-1488 1Siemens 2Ozw672 Firmware Ozw772 Firmware May 6, 2026 Jan 30, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or H...Show more Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.Show less