CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The vulnerabilities of the web servers OZW672 and OZW772, related to the failure to take measures to neutralize special elements, allow attackers to execute arbitrary code.

The vulnerability of web servers OZW672 and OZW772 is related to the failure to take measures to neutralize special elements used in the command when processing the exportDiagramPage parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

10CVSS6AI score0.01106EPSS

Exploits0References3Affected Software2

RedhatCVE•added 2025/05/23 6:28 a.m.•6 views

CVE-2024-36140

A vulnerability has been identified in OZW672 All versions V5.2, OZW772 All versions V5.2. The user accounts tab of affected devices is vulnerable to stored cross-site scripting XSS attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later execut...

8.2CVSS5.5AI score0.00203EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:6 a.m.•6 views

CVE-2019-13941

A vulnerability has been identified in OZW672 All versions V10.00, OZW772 All versions V10.00. Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific...

7.5CVSS6.7AI score0.00469EPSS

Exploits0References1

RedhatCVE•added 2025/05/15 10:10 a.m.•7 views

CVE-2025-26390

A vulnerability has been identified in OZW672 All versions V6.0, OZW772 All versions V6.0. The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrato...

9.8CVSS8.3AI score0.00339EPSS

Exploits0References1

OSV•added 2025/05/13 10:15 a.m.•0 views

CVE-2025-26390

9.3CVSS5.8AI score

Exploits0References1

NVD•added 2025/05/13 10:15 a.m.•9 views

CVE-2025-26390

9.8CVSS0.00339EPSS

Exploits0References1

NVD•added 2025/05/13 10:15 a.m.•14 views

CVE-2025-26389

A vulnerability has been identified in OZW672 All versions V8.0, OZW772 All versions V8.0. The web service in affected devices does not sanitize the input parameters required for the exportDiagramPage endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with roo...

10CVSS0.01106EPSS

Exploits0References1

OSV•added 2025/05/13 10:15 a.m.•1 views

CVE-2025-26389

9.8CVSS6.1AI score

Exploits0References1

Cvelist•added 2025/05/13 9:38 a.m.•10 views

CVE-2025-26390

9.8CVSS0.00339EPSS

Exploits0References1

Vulnrichment•added 2025/05/13 9:38 a.m.•7 views

CVE-2025-26390

9.8CVSS9.9AI score0.00339EPSS

Exploits0References1

CVE•added 2025/05/13 9:38 a.m.•35 views

CVE-2025-26390

The CVE-2025-26390 entry concerns Siemens OZW672 and OZW772 web servers vulnerable to SQL injection during authentication checks. Affected versions are OZW672 and OZW772 prior to V6.0; exploitation could allow an unauthenticated remote attacker to bypass authentication and log in as Administrator...

9.8CVSS8.5AI score0.00339EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/05/13 9:38 a.m.•12 views

CVE-2025-26389

10CVSS0.01106EPSS

Exploits0References1

Vulnrichment•added 2025/05/13 9:38 a.m.•5 views

CVE-2025-26389

10CVSS9.6AI score0.01106EPSS

Exploits0References1

CVE•added 2025/05/13 9:38 a.m.•38 views

CVE-2025-26389

Siemens OZW672 and OZW772 web servers (embedded in affected devices) prior to V8.0 are vulnerable. The exportDiagramPage endpoint does not sanitize input parameters, enabling an unauthenticated remote attacker to execute arbitrary code with root privileges over the network. Affected versions: OZW...

10CVSS8.3AI score0.01106EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by