Code Execution and SQL Injection Vulnerabilities in OZW Web Servers
Act Now | 10 | SSA-047424 | May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
OZW672 and OZW772 web server devices contain code execution and SQL injection vulnerabilities (CWE-78, CWE-89) that allow remote attackers to execute arbitrary code with root privileges (versions before V8.0) or authenticate as Administrator (versions before V6.0). Exploitation requires only network access to the web server port and no valid credentials. Siemens has released patched firmware versions 8.0 and 6.0 for both device models.
What this means
What could happen
An attacker on the network could execute arbitrary code with root privileges on OZW672 or OZW772 web servers, gaining complete control of the device and potentially disrupting water treatment processes, power distribution controls, or SCADA operations.
Who's at risk
Water utilities and municipal electric providers using Siemens OZW672 or OZW772 web servers for SCADA, process control, or monitoring applications. These web-based devices are typically used for remote configuration and diagnostics of industrial controllers and data acquisition systems.
How it could be exploited
An attacker would send a specially crafted network request to the vulnerable web server port without needing any credentials. The server processes the request unsafely, allowing injection (via the CWE-78 OS command injection or CWE-89 SQL injection paths) that executes with root privileges, giving the attacker full control of the device.
Prerequisites
- Network access to the OZW672 or OZW772 web server port (typically HTTP/HTTPS)
- No authentication required
- Vulnerable firmware version installed
- Remotely exploitable
- No authentication required
- Low attack complexity
- Allows root code execution
- Affects critical SCADA/process control devices
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
|---------|-------------------|------------|
| OZW672 | < V8.0 | 8.0 |
| OZW672 | < V6.0 | 6.0 |
| OZW772 | < V8.0 | 8.0 |
| OZW772 | < V6.0 | 6.0 |
Remediation & Mitigation
Do now
OZW672
- WORKAROUND: Restrict network access to OZW672 and OZW772 web server ports using firewall rules—only allow connections from authorized workstations or networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
OZW672
- HOTFIX: Update OZW672 to firmware version 8.0 or later
- HOTFIX: Update OZW672 to firmware version 6.0 or later (if 8.0 is not available)
OZW772
- HOTFIX: Update OZW772 to firmware version 8.0 or later
- HOTFIX: Update OZW772 to firmware version 6.0 or later (if 8.0 is not available)
Long-term hardening
- HARDENING: Segment the OT network to isolate these devices from direct internet access and unnecessary corporate network connectivity
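An inventory triage script that applies this advisory's version thresholds (before V6.0, before V8.0) to decide which devices need the access restriction and firmware update. It is an added example, not code from Siemens or from the advisory; the CSV layout, host names, and status labels are assumptions constructed for the illustration.

```python
import csv, io, re

# Thresholds from the advisory: root code execution affects versions before
# V8.0; authentication as Administrator affects versions before V6.0.
RCE_FIXED = (8, 0)
AUTH_FIXED = (6, 0)
AFFECTED_MODELS = {"OZW672", "OZW772"}

def parse_version(text):
    """Turn 'V7.02', 'v5.2' or '8' into a comparable tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 2:  # '8' must compare equal to '8.0'
        parts.append(0)
    return tuple(parts)

def triage(model, version_text):
    """Return (status, action) for one device; labels are hypothetical."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return ("out-of-scope", "none")
    ver = parse_version(version_text)
    if ver is None:
        # Unknown firmware is treated as exposed until the device is checked.
        return ("unknown-version", "verify firmware, restrict access meanwhile")
    if ver < AUTH_FIXED:
        return ("root-rce+admin-auth", "restrict access now, update to 8.0 or later")
    if ver < RCE_FIXED:
        return ("root-rce", "restrict access now, update to 8.0 or later")
    return ("fixed", "none")

# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE_INVENTORY = """host,model,firmware
plant-a-gw1,OZW672,V5.2
plant-a-gw2,OZW772,7.02
plant-b-gw1,OZW772,V8.0
plant-b-gw2,OZW672,
office-sw1,OTHER-DEVICE,1.0
"""

def triage_inventory(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:22} {action}")
```

Devices with a missing or unparseable firmware field are reported as `unknown-version` rather than silently passed, so they stay on the remediation list until verified.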
CVEs (2)