Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

| Date Published | CVE ID | Vendor | Product | Type | Risk |
|---|---|---|---|---|---|
| April 29, 2025 | CVE-2025-24341 | Bosch Rexroth | ctrlX CORE | Allocation of Resources Without Limits or Throttling | Medium |
| April 29, 2025 | CVE-2025-24342 | Bosch Rexroth | ctrlX CORE | Observable Response Discrepancy | Medium |
| April 29, 2025 | CVE-2025-24343 | Bosch Rexroth | ctrlX CORE | Relative Path Traversal | Medium |
| April 29, 2025 | CVE-2025-24346 | Bosch Rexroth | ctrlX CORE | Improper Validation of Syntactic Correctness of Input | High |
| April 29, 2025 | CVE-2025-24344 | Bosch Rexroth | ctrlX CORE | Improper Neutralization of Script in an Error Message Web Page | Medium |
| April 29, 2025 | CVE-2025-24350 | Bosch Rexroth | ctrlX CORE | Relative Path Traversal | High |
| April 29, 2025 | CVE-2025-27532 | Bosch Rexroth | ctrlX CORE | Cleartext Storage of Sensitive Information | Medium |
| April 29, 2025 | CVE-2025-24351 | Bosch Rexroth | ctrlX CORE | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| April 29, 2025 | CVE-2025-24349 | Bosch Rexroth | ctrlX CORE | Permissive List of Allowed Inputs | High |
| April 29, 2025 | CVE-2025-24347 | Bosch Rexroth | ctrlX CORE | Improper Validation of Syntactic Correctness of Input | Medium |
| April 29, 2025 | CVE-2025-24348 | Bosch Rexroth | ctrlX CORE | Improper Validation of Syntactic Correctness of Input | Medium |
| March 25, 2025 | CVE-2025-24517 | Inaba | IB-MCT001 | Use of client-side authentication | High |
| March 25, 2025 | CVE-2025-26689 | Inaba | IB-MCT001 | Forced browsing | Critical |
| March 25, 2025 | CVE-2025-24852 | Inaba | IB-MCT001 | Storing passwords in a recoverable format | Medium |
| March 25, 2025 | CVE-2025-25211 | Inaba | IB-MCT001 | Weak password requirements | Critical |
| March 7, 2025 | CVE-2025-27256 | GE Vernova | Enervista UR Setup | Missing Authentication for Critical Function | High |
| March 7, 2025 | CVE-2025-27254 | GE Vernova | Enervista UR Setup | Improper Authentication | High |
| March 7, 2025 | CVE-2025-27257 | GE Vernova | UR IED family | Insufficient Verification of Data Authenticity | Medium |
| March 18, 2025 | CVE-2024-41975 | CODESYS | CODESYS Gateway | Initialization of a Resource with an Insecure Default | Medium |
| March 7, 2025 | CVE-2025-27255 | GE Vernova | Enervista UR Setup | Use of Hard-coded Password | High |
| March 7, 2025 | CVE-2025-27253 | GE Vernova | UR IED family | Improper Input Validation | High |
| February 27, 2025 | CVE-2024-10918 | libmodbus | libmodbus | Stack-based Buffer Overflow | Medium |
| March 6, 2025 | CVE-2024-12650 | Wago | libwagosnmp | Unchecked Return Value | Medium |
| February 13, 2025 | CVE-2024-12011 | Zettler | 130.8005 | Buffer Over-read | High |
| February 13, 2025 | CVE-2024-12012 | Zettler | 130.8005 | Use of GET Request Method With Sensitive Query Strings | Medium |
| February 13, 2025 | CVE-2024-12013 | Zettler | 130.8005 | Use of Default Credentials | High |
| February 12, 2025 | CVE-2025-26376 | Q-Free | MaxTime | Missing Authorization | Medium |
| February 12, 2025 | CVE-2025-26374 | Q-Free | MaxTime | Missing Authorization | Medium |
| February 12, 2025 | CVE-2025-26378 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26377 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26375 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26372 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26373 | Q-Free | MaxTime | Missing Authorization | Medium |
| February 12, 2025 | CVE-2025-26371 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26370 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26367 | Q-Free | MaxTime | Missing Authorization | Medium |
| February 12, 2025 | CVE-2025-26369 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26368 | Q-Free | MaxTime | Missing Authorization | High |
| February 12, 2025 | CVE-2025-26362 | Q-Free | MaxTime | Missing Authentication for Critical Function | High |
| February 12, 2025 | CVE-2025-26361 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-26366 | Q-Free | MaxTime | Missing Authentication for Critical Function | High |
| February 12, 2025 | CVE-2025-26365 | Q-Free | MaxTime | Missing Authentication for Critical Function | High |
| February 12, 2025 | CVE-2025-26364 | Q-Free | MaxTime | Missing Authentication for Critical Function | High |
| February 12, 2025 | CVE-2025-26363 | Q-Free | MaxTime | Missing Authentication for Critical Function | High |
| February 12, 2025 | CVE-2025-26360 | Q-Free | MaxTime | Missing Authentication for Critical Function | Medium |
| February 12, 2025 | CVE-2025-26358 | Q-Free | MaxTime | Improper Input Validation | Medium |
| February 12, 2025 | CVE-2025-26357 | Q-Free | MaxTime | Path Traversal | Medium |
| February 12, 2025 | CVE-2025-26359 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-26356 | Q-Free | MaxTime | Path Traversal | High |
| February 12, 2025 | CVE-2025-26355 | Q-Free | MaxTime | Path Traversal | Medium |
| February 12, 2025 | CVE-2025-26354 | Q-Free | MaxTime | Path Traversal | High |
| February 12, 2025 | CVE-2025-26352 | Q-Free | MaxTime | Path Traversal | Medium |
| February 12, 2025 | CVE-2025-26351 | Q-Free | MaxTime | Path Traversal | Medium |
| February 12, 2025 | CVE-2025-26353 | Q-Free | MaxTime | Path Traversal | Medium |
| February 12, 2025 | CVE-2025-26350 | Q-Free | MaxTime | Unrestricted Upload of File with Dangerous Type | Medium |
| February 12, 2025 | CVE-2025-26345 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-26349 | Q-Free | MaxTime | Relative Path Traversal | High |
| February 12, 2025 | CVE-2025-26347 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-26348 | Q-Free | MaxTime | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Medium |
| February 12, 2025 | CVE-2025-26346 | Q-Free | MaxTime | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Medium |
| February 12, 2025 | CVE-2025-26344 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-1100 | Q-Free | MaxTime | Use of Hard-coded Password | Critical |
| February 12, 2025 | CVE-2025-1101 | Q-Free | MaxTime | Observable Response Discrepancy | Medium |
| February 12, 2025 | CVE-2025-26343 | Q-Free | MaxTime | Weak Authentication | High |
| February 12, 2025 | CVE-2025-26342 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-26339 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-1102 | Q-Free | MaxTime | Origin Validation Error | Medium |
| February 12, 2025 | CVE-2025-26341 | Q-Free | MaxTime | Missing Authentication for Critical Function | Critical |
| February 12, 2025 | CVE-2025-26340 | Q-Free | MaxTime | Use of Hard-coded Cryptographic Key | High |
| January 27, 2025 | CVE-2025-0695 | Cesanta | Frozen | Allocation of Resources Without Limits or Throttling | Medium |
| January 27, 2025 | CVE-2025-0696 | Cesanta | Frozen | NULL Pointer Dereference | Medium |
| December 10, 2024 | CVE-2024-43384 | Phoenix Contact | mGuard Families | Improper Removal of Sensitive Information Before Storage or Transfer | High |
| December 10, 2024 | CVE-2024-43393 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Medium |
| December 10, 2024 | CVE-2024-43392 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Medium |
| December 10, 2024 | CVE-2024-43391 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Medium |
| December 10, 2024 | CVE-2024-43390 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Medium |
| December 10, 2024 | CVE-2024-43389 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Medium |
| December 10, 2024 | CVE-2024-43387 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| December 10, 2024 | CVE-2024-7698 | Phoenix Contact | mGuard Families | Improper Removal of Sensitive Information Before Storage or Transfer | Medium |
| December 10, 2024 | CVE-2024-43385 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| December 10, 2024 | CVE-2024-43388 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | High |
| December 10, 2024 | CVE-2024-43386 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| December 10, 2024 | CVE-2024-7699 | Phoenix Contact | mGuard Families | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| December 3, 2024 | CVE-2024-41967 | Wago | Multiple Products | Improper Access Control | Medium |
| December 3, 2024 | CVE-2024-41970 | Wago | Multiple Products | Improper Access Control | Medium |
| December 3, 2024 | CVE-2024-41973 | Wago | Multiple Products | Path Traversal | Medium |
| December 3, 2024 | CVE-2024-41974 | Wago | Multiple Products | Improper Access Control | Medium |
| December 3, 2024 | CVE-2024-41972 | Wago | Multiple Products | Path Traversal | Medium |
| December 3, 2024 | CVE-2024-41971 | Wago | Multiple Products | Path Traversal | Medium |
| December 3, 2024 | CVE-2024-41968 | Wago | Multiple Products | Improper Access Control | Medium |
| December 3, 2024 | CVE-2024-41969 | Wago | Multiple Products | Improper Access Control | High |
| November 27, 2024 | CVE-2024-50377 | Advantech | EKI Access Points | Hardcoded encryption key | Medium |
| November 27, 2024 | CVE-2024-50371 | Advantech | EKI Access Points | Remote Command Execution (RCE) | Critical |
| November 27, 2024 | CVE-2024-50376 | Advantech | EKI Access Points | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | High |
| November 27, 2024 | CVE-2024-50372 | Advantech | EKI Access Points | Remote Command Execution (RCE) | Critical |
| November 27, 2024 | CVE-2024-50375 | Advantech | EKI Access Points | Missing Authentication for Critical Function | Critical |
| November 27, 2024 | CVE-2024-50373 | Advantech | EKI Access Points | Remote Command Execution (RCE) | Critical |
| November 27, 2024 | CVE-2024-50374 | Advantech | EKI Access Points | Remote Command Execution (RCE) | Critical |
| November 27, 2024 | CVE-2024-50370 | Advantech | EKI Access Points | Remote Command Execution (RCE) | Critical |
| November 27, 2024 | CVE-2024-50369 | Advantech | EKI Access Points | Command Injection | High |

| CVE ID | Vendor | Product | Date Published | Type | Risk Score |
|---|---|---|---|---|---|
| CVE-2026-2273 | Schneider Electric | EcoStruxure™ Automation Expert | March 10, 2026 | Improper Control of Generation of Code ('Code Injection') | High |
| CVE-2026-22614 | Eaton | EasySoft | March 11, 2026 | Insufficiently Protected Credentials | Medium |
| CVE-2026-3588 | Ikea | Dirigera | March 9, 2026 | Server Side Request Forgery | High |
| CVE-2026-26098 | Owl | opds | February 23, 2026 | Uncontrolled Search Path Element | High |
| CVE-2026-26101 | Owl | opds | February 23, 2026 | Incorrect Permission Assignment for Critical Resource | High |
| CVE-2026-26099 | Owl | opds | February 23, 2026 | Uncontrolled Search Path Element | High |
