Siemens OZW Web Servers Code Execution Vulnerability

Vulnerability

A code execution vulnerability has been identified in the Siemens OZW672 and OZW772 web servers in all versions prior to V8.0. The web service does not properly sanitize the input parameters of the 'exportDiagramPage' endpoint. Because the endpoint can be reached without authentication, a remote attacker with network access to the device's web interface could use this lack of input validation to execute arbitrary code with root privileges on the affected device.
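Two things a defender wants from this advisory are a way to decide which inventoried devices fall in the affected range (prior to V8.0) and a way to look for requests to the named endpoint in whatever HTTP logs sit in front of the device. The script below is an added example, not Siemens code or anything from the advisory. It assumes firmware versions are reported as strings like "V7.2.1" or "8.0", that the endpoint name 'exportDiagramPage' appears in the request path of an access log in Common Log Format (for instance from a reverse proxy or firewall in front of the OZW), and that the query parameter name "page" in the constructed sample lines is hypothetical. The metacharacter heuristic is a generic check for shell and traversal characters, not a statement of how this particular flaw works.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Added example, not Siemens code. Assumptions (not stated in the advisory):
#  - firmware versions are reported as strings such as "V7.2.1" or "8.0";
#  - the endpoint name 'exportDiagramPage' appears in the request path of an
#    HTTP access log in Common Log Format (e.g. from a reverse proxy in front
#    of the device);
#  - the query parameter name "page" in the sample is hypothetical.

FIXED_VERSION = (8, 0)  # per the advisory, all versions prior to V8.0 are affected


def parse_version(version: str) -> tuple:
    """Turn 'V7.2.1' / '8.0' / 'V8' into a comparable tuple, padded to two fields."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 2:
        parts.append(0)          # 'V8' means V8.0, which is not affected
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the reported firmware is prior to V8.0."""
    return parse_version(version) < FIXED_VERSION


# Common Log Format: host ident user [time] "method target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Generic heuristic: shell metacharacters, redirections and path traversal
# have no business in a parameter value for a page-export endpoint.
SUSPICIOUS = re.compile(r"[;|&`$<>\n]|\.\./")


def analyse_request(line: str):
    """Describe an exportDiagramPage request; None for any other log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if "exportDiagramPage" not in url.path:
        return None
    params = parse_qsl(url.query, keep_blank_values=True)  # values are URL-decoded here
    return {
        "src": m.group("ip"),
        "user": m.group("user"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "unauthenticated": m.group("user") == "-",   # no user recorded by the server
        "suspicious_params": [(k, v) for k, v in params if SUSPICIOUS.search(v)],
    }


def hunt(lines):
    """Return the exportDiagramPage requests worth a closer look: those with
    no authenticated user, or with metacharacters in a parameter value."""
    hits = []
    for line in lines:
        info = analyse_request(line)
        if info and (info["unauthenticated"] or info["suspicious_params"]):
            hits.append(info)
    return hits


# Constructed sample log lines for the example; not real device traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [09/Jun/2025:19:46:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - admin [09/Jun/2025:19:46:10 +0000] "GET /exportDiagramPage?page=1 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [09/Jun/2025:19:47:03 +0000] "GET /exportDiagramPage?page=1%3Bid HTTP/1.1" 200 77',
    '203.0.113.7 - - [09/Jun/2025:19:47:05 +0000] "POST /exportDiagramPage HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for v in ("V7.2.1", "V8.0", "V8", "8.0.1"):
        print(f"{v:>7}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for hit in hunt(SAMPLE_LOG):
        print(hit["src"], hit["method"], hit["status"],
              "unauthenticated" if hit["unauthenticated"] else "",
              hit["suspicious_params"])
```

On the constructed sample the authenticated request with a plain numeric parameter is ignored, while the two requests from 203.0.113.7 are returned: one because its parameter value carries a semicolon, the other because it reached the endpoint with no user recorded. Hits are leads for investigation, not proof of exploitation; since the flaw is unauthenticated, the "user" field alone cannot clear a request, and the device itself will not keep such logs for you, so the check only helps where a proxy or gateway records traffic to the OZW.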

Impact

Exploitation of this vulnerability allows for arbitrary code execution with root privileges on the affected device.

Remediation

Siemens has released V8.0 for both affected products, which fixes the issue. Users are advised to update to V8.0 or later. Product-specific update instructions can be found on the Siemens Support website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.