VYPR

OZW772

by Siemens Foundation

CVEs (4)

  • CVE-2025-26390May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and…

  • CVE-2025-26389May 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to…

  • CVE-2024-36140Nov 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary…

  • CVE-2019-13941Feb 11, 2020
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export…