Details of VAR-202505-1588

ID

VAR-202505-1588

CVE

CVE-2025-26390

TITLE

Siemens OZW Web Servers Code Execution and SQL Injection Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2025-10580

DESCRIPTION

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)

Trust: 1.44

sources: NVD: CVE-2025-26390 // CNVD: CNVD-2025-10580

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10580

AFFECTED PRODUCTS

vendor:	siemens	model:	ozw672	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	ozw772	scope:	lt	version:	8.0	Trust: 0.6
vendor:	siemens	model:	ozw772	scope:	lt	version:	6.0	Trust: 0.6

sources: CNVD: CNVD-2025-10580

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-26390
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-10580
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-10580
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2025-26390
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-10580 // NVD: CVE-2025-26390

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2025-26390

EXTERNAL IDS

db:	NVD	id:	CVE-2025-26390	Trust: 1.6
db:	SIEMENS	id:	SSA-047424	Trust: 1.6
db:	CNVD	id:	CNVD-2025-10580	Trust: 0.6

sources: CNVD: CNVD-2025-10580 // NVD: CVE-2025-26390

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-047424.html

Trust: 1.6

sources: CNVD: CNVD-2025-10580 // NVD: CVE-2025-26390

SOURCES

db:	CNVD	id:	CNVD-2025-10580
db:	NVD	id:	CVE-2025-26390

LAST UPDATE DATE

2025-05-31T22:47:12.425000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10580	date:	2025-05-23T00:00:00
db:	NVD	id:	CVE-2025-26390	date:	2025-05-13T19:35:18.080

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10580	date:	2025-05-13T00:00:00
db:	NVD	id:	CVE-2025-26390	date:	2025-05-13T10:15:23.703