CVE-2025-26390: SQL Injection
First published: Tue May 13 2025(Updated: )
A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens OZW672 | <6.0 | |
| OZW OZW772 | <6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-26390?
CVE-2025-26390 has been classified with a high severity due to its potential to allow unauthenticated remote access.
How do I fix CVE-2025-26390?
To mitigate CVE-2025-26390, upgrade affected OZW672 and OZW772 devices to version 6.0 or higher.
What devices are affected by CVE-2025-26390?
CVE-2025-26390 affects OZW672 and OZW772 devices with all versions prior to 6.0.
Can CVE-2025-26390 be exploited remotely?
Yes, CVE-2025-26390 can be exploited remotely, allowing attackers to bypass authentication.
What type of vulnerability is CVE-2025-26390?
CVE-2025-26390 is an SQL injection vulnerability that impacts the web service of the affected devices.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/source
- agent/event
- vendor/ozw
- canonical/siemens ozw672
- canonical/ozw ozw772