Details of VAR-202505-1587

ID

VAR-202505-1587

CVE

CVE-2025-26389

TITLE

Siemens' OZW672 firmware and OZW772 in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-015796

DESCRIPTION

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens' OZW672 firmware and OZW772 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)

Trust: 2.16

sources: NVD: CVE-2025-26389 // JVNDB: JVNDB-2025-015796 // CNVD: CNVD-2025-10579

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10579

AFFECTED PRODUCTS

vendor:	siemens	model:	ozw672	scope:	lt	version:	8.0	Trust: 1.0
vendor:	siemens	model:	ozw772	scope:	lt	version:	8.0	Trust: 1.0
vendor:	シーメンス	model:	ozw772	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ozw672	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	ozw772	scope:	lt	version:	5.2	Trust: 0.6
vendor:	siemens	model:	ozw672	scope:	lt	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	ozw672	scope:	lt	version:	v6.0	Trust: 0.6

sources: CNVD: CNVD-2025-10579 // JVNDB: JVNDB-2025-015796 // NVD: CVE-2025-26389

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-26389
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2025-26389
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-26389
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-10579
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-10579
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2025-26389
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-26389
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-26389
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10579 // JVNDB: JVNDB-2025-015796 // NVD: CVE-2025-26389 // NVD: CVE-2025-26389

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015796 // NVD: CVE-2025-26389

EXTERNAL IDS

db:	NVD	id:	CVE-2025-26389	Trust: 3.2
db:	SIEMENS	id:	SSA-047424	Trust: 2.4
db:	ICS CERT	id:	ICSA-25-135-10	Trust: 0.8
db:	JVN	id:	JVNVU92528757	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-015796	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10579	Trust: 0.6

sources: CNVD: CNVD-2025-10579 // JVNDB: JVNDB-2025-015796 // NVD: CVE-2025-26389

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-047424.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu92528757/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-26389	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-10	Trust: 0.8

sources: CNVD: CNVD-2025-10579 // JVNDB: JVNDB-2025-015796 // NVD: CVE-2025-26389

SOURCES

db:	CNVD	id:	CNVD-2025-10579
db:	JVNDB	id:	JVNDB-2025-015796
db:	NVD	id:	CVE-2025-26389

LAST UPDATE DATE

2025-10-12T20:56:44.694000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10579	date:	2025-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2025-015796	date:	2025-10-10T08:41:00
db:	NVD	id:	CVE-2025-26389	date:	2025-10-06T10:34:26.037

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10579	date:	2025-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2025-015796	date:	2025-10-10T00:00:00
db:	NVD	id:	CVE-2025-26389	date:	2025-05-13T10:15:23.513