Search criteria
7 vulnerabilities found for OZW672 by Siemens
VAR-202505-1588
Vulnerability from variot - Updated: 2025-10-12 22:21A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user. Siemens' OZW672 firmware and OZW772 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions.
Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw772",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "ozw672",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "ozw772",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"cve": "CVE-2025-26390",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-10580",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-26390",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-015585",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2025-26390",
"trust": 1.0,
"value": "Critical"
},
{
"author": "OTHER",
"id": "JVNDB-2025-015585",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-10580",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in OZW672 (All versions \u003c V6.0), OZW772 (All versions \u003c V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as\r\nAdministrator user. Siemens\u0027 OZW672 firmware and OZW772 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. \n\nSiemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-26390"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "CNVD",
"id": "CNVD-2025-10580"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-26390",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-047424",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-135-10",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92528757",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-10580",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"id": "VAR-202505-1588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
}
]
},
"last_update_date": "2025-10-12T22:21:35.824000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-047424.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92528757/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-26390"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"date": "2025-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"date": "2025-05-13T10:15:23.703000",
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10580"
},
{
"date": "2025-10-09T08:39:00",
"db": "JVNDB",
"id": "JVNDB-2025-015585"
},
{
"date": "2025-10-03T20:46:58.210000",
"db": "NVD",
"id": "CVE-2025-26390"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0OZW672\u00a0 firmware and \u00a0OZW772\u00a0 in the firmware \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015585"
}
],
"trust": 0.8
}
}
VAR-202505-1587
Vulnerability from variot - Updated: 2025-10-12 20:56A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the exportDiagramPage endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens' OZW672 firmware and OZW772 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions.
Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw672",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "ozw772",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "ozw772",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ozw772",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "ozw672",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v8.0"
},
{
"model": "ozw672",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"cve": "CVE-2025-26389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-10579",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-26389",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-26389",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-26389",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2025-26389",
"trust": 1.0,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-26389",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2025-26389",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-10579",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in OZW672 (All versions \u003c V8.0), OZW772 (All versions \u003c V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens\u0027 OZW672 firmware and OZW772 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. \n\nSiemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-26389"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "CNVD",
"id": "CNVD-2025-10579"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-26389",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-047424",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-135-10",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92528757",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-10579",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"id": "VAR-202505-1587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
}
]
},
"last_update_date": "2025-10-12T20:56:44.694000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-047424.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92528757/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-26389"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"date": "2025-10-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"date": "2025-05-13T10:15:23.513000",
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10579"
},
{
"date": "2025-10-10T08:41:00",
"db": "JVNDB",
"id": "JVNDB-2025-015796"
},
{
"date": "2025-10-06T10:34:26.037000",
"db": "NVD",
"id": "CVE-2025-26389"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0OZW672\u00a0 firmware and \u00a0OZW772\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015796"
}
],
"trust": 0.8
}
}
VAR-201708-1510
Vulnerability from variot - Updated: 2025-04-20 23:15A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp. Siemens OZW672 and OZW772 Contains a cryptographic vulnerability.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There is a man-in-the-middle attack vulnerability in Siemens OZW672 and OZW772. Multiple Siemens OZW672 and OZW772 are prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1510",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw672",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ozw672",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw772",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw672",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck from SEC Consult.",
"sources": [
{
"db": "BID",
"id": "99473"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6873",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-6873",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-12866",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-115076",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-6873",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6873",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6873",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12866",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115076",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6873",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "VULHUB",
"id": "VHN-115076"
},
{
"db": "VULMON",
"id": "CVE-2017-6873"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp. Siemens OZW672 and OZW772 Contains a cryptographic vulnerability.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There is a man-in-the-middle attack vulnerability in Siemens OZW672 and OZW772. Multiple Siemens OZW672 and OZW772 are prone to multiple authentication-bypass vulnerabilities. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6873"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "VULHUB",
"id": "VHN-115076"
},
{
"db": "VULMON",
"id": "CVE-2017-6873"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6873",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-563539",
"trust": 2.7
},
{
"db": "BID",
"id": "99473",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-01",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201703-624",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-12866",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993",
"trust": 0.8
},
{
"db": "IVD",
"id": "B6AAB7B7-CD78-4139-9B22-D94F00E179D1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115076",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6873",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "VULHUB",
"id": "VHN-115076"
},
{
"db": "VULMON",
"id": "CVE-2017-6873"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"id": "VAR-201708-1510",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "VULHUB",
"id": "VHN-115076"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
}
]
},
"last_update_date": "2025-04-20T23:15:59.149000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-563539",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
},
{
"title": "Patch for Siemens OZW672 and OZW772 man-in-the-middle attack vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97345"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115076"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/99473"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6873"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6873"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "VULHUB",
"id": "VHN-115076"
},
{
"db": "VULMON",
"id": "CVE-2017-6873"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"db": "VULHUB",
"id": "VHN-115076"
},
{
"db": "VULMON",
"id": "CVE-2017-6873"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-05T00:00:00",
"db": "IVD",
"id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-115076"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6873"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99473"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"date": "2017-08-08T00:29:00.320000",
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12866"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-115076"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6873"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99473"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006993"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-624"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6873"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens OZW672 and OZW772 Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-624"
}
],
"trust": 0.6
}
}
VAR-201708-1509
Vulnerability from variot - Updated: 2025-04-20 23:15A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. Siemens OZW672 and OZW772 Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There are data read and write vulnerabilities in Siemens OZW672 and OZW772. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. A security vulnerability exists in Siemens OZW672 and OZW772 devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1509",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw772",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "ozw672",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ozw672",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw772",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw672",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck from SEC Consult.",
"sources": [
{
"db": "BID",
"id": "99473"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6872",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6872",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12867",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115075",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6872",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6872",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6872",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-12867",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-625",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115075",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "VULHUB",
"id": "VHN-115075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. Siemens OZW672 and OZW772 Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There are data read and write vulnerabilities in Siemens OZW672 and OZW772. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. A security vulnerability exists in Siemens OZW672 and OZW772 devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6872"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "VULHUB",
"id": "VHN-115075"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6872",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-563539",
"trust": 2.6
},
{
"db": "BID",
"id": "99473",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201703-625",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-12867",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7002627A-A56C-43FD-B57E-9336B0866E9E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115075",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "VULHUB",
"id": "VHN-115075"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"id": "VAR-201708-1509",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "VULHUB",
"id": "VHN-115075"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
}
]
},
"last_update_date": "2025-04-20T23:15:59.110000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-563539",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
},
{
"title": "Patch for SiemensOZW672 and OZW772 data read and write vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97346"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99473"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6872"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6872"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "VULHUB",
"id": "VHN-115075"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"db": "VULHUB",
"id": "VHN-115075"
},
{
"db": "BID",
"id": "99473"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-05T00:00:00",
"db": "IVD",
"id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-115075"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99473"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"date": "2017-08-08T00:29:00.290000",
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12867"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-115075"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99473"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007020"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-625"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6872"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens OZW672 and OZW772 Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-625"
}
],
"trust": 0.6
}
}
VAR-201601-0459
Vulnerability from variot - Updated: 2025-04-13 23:26Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. A cross-site scripting vulnerability exists in the Siemens OZW672 and OZW772 devices. The vulnerability could be exploited by a remote attacker to change data and settings. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw772",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "ozw672",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "ozw672",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00"
},
{
"model": "ozw772",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "6.00"
},
{
"model": "ozw672",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "ozw772",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw672",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw772",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:ozw672",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:ozw772",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Sood",
"sources": [
{
"db": "BID",
"id": "80915"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1488",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1488",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00391",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "62b00c84-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90307",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1488",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1488",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1488",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90307",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "VULHUB",
"id": "VHN-90307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. A cross-site scripting vulnerability exists in the Siemens OZW672 and OZW772 devices. The vulnerability could be exploited by a remote attacker to change data and settings. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1488"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "BID",
"id": "80915"
},
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-90307"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1488",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-019-01",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-743465",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-00391",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549",
"trust": 0.8
},
{
"db": "BID",
"id": "80915",
"trust": 0.4
},
{
"db": "IVD",
"id": "62B00C84-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-90307",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "VULHUB",
"id": "VHN-90307"
},
{
"db": "BID",
"id": "80915"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"id": "VAR-201601-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "VULHUB",
"id": "VHN-90307"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
}
]
},
"last_update_date": "2025-04-13T23:26:39.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-743465",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf"
},
{
"title": "Patch for SiemensOZW672 and OZW772 cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/70337"
},
{
"title": "Siemens OZW672 and OZW772 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59685"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-019-01"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1488"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1488"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "VULHUB",
"id": "VHN-90307"
},
{
"db": "BID",
"id": "80915"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "VULHUB",
"id": "VHN-90307"
},
{
"db": "BID",
"id": "80915"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-21T00:00:00",
"db": "IVD",
"id": "62b00c84-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"date": "2016-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-90307"
},
{
"date": "2016-01-15T00:00:00",
"db": "BID",
"id": "80915"
},
{
"date": "2016-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"date": "2016-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"date": "2016-01-30T12:59:03.103000",
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"date": "2016-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-90307"
},
{
"date": "2016-02-11T07:36:00",
"db": "BID",
"id": "80915"
},
{
"date": "2016-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001549"
},
{
"date": "2016-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-367"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1488"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens OZW672 and OZW772 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00391"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-367"
}
],
"trust": 0.6
}
}
VAR-202411-0737
Vulnerability from variot - Updated: 2024-11-28 20:10A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.
This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. Siemens' OZW672 firmware and OZW772 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. OZW devices (web servers) are used to remotely monitor building controller devices, such as heating controls or air conditioning.
Siemens OZW devices (web servers) have a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-0737",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw672",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "ozw772",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "ozw772",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ozw672",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"cve": "CVE-2024-36140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-45220",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2024-36140",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2024-36140",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-36140",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-36140",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2024-36140",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-36140",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-45220",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in OZW672 (All versions \u003c V5.2), OZW772 (All versions \u003c V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. \r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. Siemens\u0027 OZW672 firmware and OZW772 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. OZW devices (web servers) are used to remotely monitor building controller devices, such as heating controls or air conditioning. \n\nSiemens OZW devices (web servers) have a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-36140"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "CNVD",
"id": "CNVD-2024-45220"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-36140",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-230445",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-24-319-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96191615",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-45220",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"id": "VAR-202411-0737",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
}
]
},
"last_update_date": "2024-11-28T20:10:13.609000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens OZW devices (web servers) cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/617291"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-230445.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96191615/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-36140"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"date": "2024-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"date": "2024-11-12T13:15:07.957000",
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45220"
},
{
"date": "2024-11-18T04:46:00",
"db": "JVNDB",
"id": "JVNDB-2024-012845"
},
{
"date": "2024-11-15T22:53:26.063000",
"db": "NVD",
"id": "CVE-2024-36140"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0OZW672\u00a0 firmware and \u00a0OZW772\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012845"
}
],
"trust": 0.8
}
}
VAR-202002-1475
Vulnerability from variot - Updated: 2024-11-23 21:21A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. OZW672 and OZW772 Contains vulnerabilities in externally accessible files or directories.Information may be obtained. Siemens OZW672 and OZW772 are the building controller products of Germany's Siemens
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1475",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ozw772",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.00"
},
{
"model": "ozw672",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.00"
},
{
"model": "ozw672",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "10.00"
},
{
"model": "ozw772",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "10.00"
},
{
"model": "ozw672",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v10.00"
},
{
"model": "ozw772",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v10.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw672",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ozw772",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
}
]
},
"cve": "CVE-2019-13941",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13941",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014548",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-15262",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13941",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014548",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13941",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014548",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-15262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-454",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
},
{
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in OZW672 (All versions \u003c V10.00), OZW772 (All versions \u003c V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application\u0027s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. OZW672 and OZW772 Contains vulnerabilities in externally accessible files or directories.Information may be obtained. Siemens OZW672 and OZW772 are the building controller products of Germany\u0027s Siemens",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13941",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-09",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-986695",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2020-15262",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-454",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-07",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-10",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-05",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-08",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-04",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "9D70A0CB-14C2-49AD-8202-3AE7B396C3AD",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
},
{
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"id": "VAR-202002-1475",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
}
]
},
"last_update_date": "2024-11-23T21:21:04.171000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-986695",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"title": "Patch for Siemens OZW672 and OZW772 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/206793"
},
{
"title": "Siemens OZW672 and OZW772 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110189"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13941"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13941"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
},
{
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
},
{
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "IVD",
"id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
},
{
"date": "2020-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"date": "2020-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"date": "2020-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-454"
},
{
"date": "2020-02-11T16:15:14.897000",
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15262"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014548"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-454"
},
{
"date": "2024-11-21T04:25:44.447000",
"db": "NVD",
"id": "CVE-2019-13941"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OZW672 and OZW772 Vulnerability in externally accessible files or directories in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014548"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-454"
}
],
"trust": 0.6
}
}