Mitsubishi Electric to Acquire Nozomi Networks
Read the News
Academy
Labs
Careers
Partner Login
Support

Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

Vulnerability Advisories

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Risk Level
CriticalHighMediumLow
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Date Published
CVE ID
Vendor
Product
Type
Risk
Details
February 13, 2025
CVE-2024-12011
Zettler
130.8005
Buffer Over-read
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 13, 2025
CVE-2024-12012
Zettler
130.8005
Use of GET Request Method With Sensitive Query Strings
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 13, 2025
CVE-2024-12013
Zettler
130.8005
Use of Default Credentials
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26376
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26374
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26378
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26377
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26375
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26372
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26373
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26371
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26370
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26367
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26369
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26368
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26362
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26361
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26366
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26365
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26364
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26363
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26360
Q-Free
MaxTime
Missing Authentication for Critical Function
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26358
Q-Free
MaxTime
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26357
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26359
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26356
Q-Free
MaxTime
Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26355
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26354
Q-Free
MaxTime
Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26352
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26351
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26353
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26350
Q-Free
MaxTime
Unrestricted Upload of File with Dangerous Type
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26345
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26349
Q-Free
MaxTime
Relative Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26347
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26348
Q-Free
MaxTime
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26346
Q-Free
MaxTime
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26344
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-1100
Q-Free
MaxTime
Use of Hard-coded Password
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-1101
Q-Free
MaxTime
Observable Response Discrepancy
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26343
Q-Free
MaxTime
Weak Authentication
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26342
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26339
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-1102
Q-Free
MaxTime
Origin Validation Error
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26341
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26340
Q-Free
MaxTime
Use of Hard-coded Cryptographic Key
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 27, 2025
CVE-2025-0695
Cesanta
Frozen
Allocation of Resources Without Limits or Throttling
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 27, 2025
CVE-2025-0696
Cesanta
Frozen
NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43384
Phoenix Contact
mGuard Families
Improper Removal of Sensitive Information Before Storage or Transfer
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43393
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43392
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43391
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43390
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43389
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43387
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-7698
Phoenix Contact
mGuard Families
Improper Removal of Sensitive Information Before Storage or Transfer
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43385
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43388
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43386
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-7699
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41967
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41970
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41973
Wago
Multiple Products
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41974
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41972
Wago
Multiple Products
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41971
Wago
Multiple Products
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41968
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41969
Wago
Multiple Products
Improper Access Control
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50377
Advantech
EKI Access Points
Hardcoded encryption key
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50371
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50376
Advantech
EKI Access Points
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50372
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50375
Advantech
EKI Access Points
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50373
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50374
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50370
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50369
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50364
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50367
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50368
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50365
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50366
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50362
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50359
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50361
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50358
Advantech
EKI Access Points
Use of Hard-coded Cryptographic Key
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50360
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50363
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42383
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42384
Cesanta
Mongoose Web Server
CWE-190 Integer Overflow or Wraparound
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42385
Cesanta
Mongoose Web Server
CWE-140 Improper Neutralization of Delimiters
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42386
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42387
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42388
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42389
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42390
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42391
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42392
Cesanta
Mongoose Web Server
CWE-140 Improper Neutralization of Delimiters
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2024-3184
EmbedThis
GoAhead
Multiple NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2024-3186
EmbedThis
GoAhead
NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
Previous
Next
CVE ID
CVE-2025-11243
Vendor
Shelly
Product
Pro 4PM
Date Published
November 18, 2025
Type
Allocation of Resources Without Limits or Throttling
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-12056
Vendor
Shelly
Product
Pro 3EM
Date Published
November 18, 2025
Type
Out-of-bounds Read
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-11678
Vendor
warmcat
Product
libwebsockets
Date Published
October 10, 2025
Type
Stack-based Buffer Overflow
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-11680
Vendor
warmcat
Product
libwebsockets
Date Published
October 10, 2025
Type
Out-of-bounds Write
Risk Score
Medium
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-11677
Vendor
warmcat
Product
libwebsockets
Date Published
October 10, 2025
Type
Use after free
Risk Score
Medium
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-11679
Vendor
warmcat
Product
libwebsockets
Date Published
October 10, 2025
Type
Out-of-bounds Read
Risk Score
Medium
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
View All

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your OT and IoT asset discovery, inventory, and management.

Request a DemoWatch Demo

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegrationsPSIRT

Professional Services

Professional ServicesDesignated EngineerFast Track ServicesHealth Check ServiceOptimization Service

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

NERC CIPNIS2 DirectiveTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

AcademyCareersCompanyCustomer StoriesContact UsPartnersResourcesLabsLegalTrust Center
LinkedIn logo
© 2025 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.