Primary

Context

Siemens OZW Web Services SQL Injection Vulnerability Allowing Authentication as Administrator

Vulnerability

Patched

A SQL injection vulnerability has been identified in the web services of Siemens OZW672 and OZW772 devices, all versions prior to V6.0. This vulnerability allows an unauthenticated remote attacker to manipulate authentication checks and gain access as an Administrator user.

Impact

Exploitation of this vulnerability allows an unauthenticated remote attacker to bypass authentication checks and authenticate as an Administrator user on the affected device.

Remediation

Siemens has released new versions for the affected products. Users are advised to update to the latest versions. Product-specific update instructions can be found on the Siemens Support website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens OZW Web Services SQL Injection Vulnerability Allowing Authentication as Administrator

Vulnerability

Impact

Remediation

Affected Products

Siemens OZW672

Siemens OZW772

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating