A Note to our Customers and Partners in the Middle East
More Information
Academy
Labs
Careers
Partner Login
Support

Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

Vulnerability Advisories

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Risk Level
CriticalHighMediumLow
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Date Published
CVE ID
Vendor
Product
Type
Risk
Details
May 21, 2025
CVE-2025-40573
Siemens
SCALANCE LPE9403
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40579
Siemens
SCALANCE LPE9403
Stack-based Buffer Overflow
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40580
Siemens
SCALANCE LPE9403
Stack-based Buffer Overflow
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40578
Siemens
SCALANCE LPE9403
Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40577
Siemens
SCALANCE LPE9403
Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40576
Siemens
SCALANCE LPE9403
NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40582
Siemens
SCALANCE LPE9403
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40581
Siemens
SCALANCE LPE9403
Incorrect Permission Assignment for Critical Resource
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40574
Siemens
SCALANCE LPE9403
Incorrect Permission Assignment for Critical Resource
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40572
Siemens
SCALANCE LPE9403
Incorrect Permission Assignment for Critical Resource
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 21, 2025
CVE-2025-40575
Siemens
SCALANCE LPE9403
Use of Uninitialized Variable
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 7, 2025
CVE-2025-1399
libplctag
libplctag
Out-of-bounds Read
Low
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 7, 2025
CVE-2025-1400
libplctag
libplctag
Out-of-bounds Read
Low
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32405
RT-Labs
P-Net
Out-of-bounds Write
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32404
RT-Labs
P-Net
Out-of-bounds Write
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32403
RT-Labs
P-Net
Out-of-bounds Write
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32399
RT-Labs
P-Net
Unchecked Input for Loop Condition
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32402
RT-Labs
P-Net
Out-of-bounds Write
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32401
RT-Labs
P-Net
Heap-based Buffer Overflow
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32398
RT-Labs
P-Net
NULL Pointer Dereference
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32400
RT-Labs
P-Net
Heap-based Buffer Overflow
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32396
RT-Labs
P-Net
Heap-based Buffer Overflow
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32397
RT-Labs
P-Net
Heap-based Buffer Overflow
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
May 5, 2025
CVE-2025-32730
I-Pro
I-Pro Configuration Tool
Use of Hard-coded Credentials
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24339
Bosch Rexroth
ctrlX CORE
Improper Neutralization of HTTP Headers for Scripting Syntax
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24338
Bosch Rexroth
ctrlX CORE
Improper Encoding or Escaping of Output
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24340
Bosch Rexroth
ctrlX CORE
Use of Password Hash With Insufficient Computational Effort
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24345
Bosch Rexroth
ctrlX CORE
Improper Validation of Syntactic Correctness of Input
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24341
Bosch Rexroth
ctrlX CORE
Allocation of Resources Without Limits or Throttling
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24342
Bosch Rexroth
ctrlX CORE
Observable Response Discrepancy
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24343
Bosch Rexroth
ctrlX CORE
Relative Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24346
Bosch Rexroth
ctrlX CORE
Improper Validation of Syntactic Correctness of Input
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24344
Bosch Rexroth
ctrlX CORE
Improper Neutralization of Script in an Error Message Web Page
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24350
Bosch Rexroth
ctrlX CORE
Relative Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-27532
Bosch Rexroth
ctrlX CORE
Cleartext Storage of Sensitive Information
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24351
Bosch Rexroth
ctrlX CORE
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24349
Bosch Rexroth
ctrlX CORE
Permissive List of Allowed Inputs
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24347
Bosch Rexroth
ctrlX CORE
Improper Validation of Syntactic Correctness of Input
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
April 29, 2025
CVE-2025-24348
Bosch Rexroth
ctrlX CORE
Improper Validation of Syntactic Correctness of Input
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 25, 2025
CVE-2025-24517
Inaba
IB-MCT001
Use of client-side authentication
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 25, 2025
CVE-2025-26689
Inaba
IB-MCT001
Forced browsing
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 25, 2025
CVE-2025-24852
Inaba
IB-MCT001
Storing passwords in a recoverable format
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 25, 2025
CVE-2025-25211
Inaba
IB-MCT001
Weak password requirements
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 7, 2025
CVE-2025-27256
GE Vernova
Enervista UR Setup
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 7, 2025
CVE-2025-27254
GE Vernova
Enervista UR Setup
Improper Authentication
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 7, 2025
CVE-2025-27257
GE Vernova
UR IED family
Insufficient Verification of Data Authenticity
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 18, 2025
CVE-2024-41975
CODESYS
CODESYS Gateway
Initialization of a Resource with an Insecure Default
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 7, 2025
CVE-2025-27255
GE Vernova
Enervista UR Setup
Use of Hard-coded Password
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 7, 2025
CVE-2025-27253
GE Vernova
UR IED family
Improper Input Validation
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 27, 2025
CVE-2024-10918
libmodbus
libmodbus
Stack-based Buffer Overflow
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 6, 2025
CVE-2024-12650
Wago
libwagosnmp
Unchecked Return Value
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 13, 2025
CVE-2024-12011
Zettler
130.8005
Buffer Over-read
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 13, 2025
CVE-2024-12012
Zettler
130.8005
Use of GET Request Method With Sensitive Query Strings
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 13, 2025
CVE-2024-12013
Zettler
130.8005
Use of Default Credentials
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26376
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26374
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26378
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26377
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26375
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26372
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26373
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26371
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26370
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26367
Q-Free
MaxTime
Missing Authorization
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26369
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26368
Q-Free
MaxTime
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26362
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26361
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26366
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26365
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26364
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26363
Q-Free
MaxTime
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26360
Q-Free
MaxTime
Missing Authentication for Critical Function
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26358
Q-Free
MaxTime
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26357
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26359
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26356
Q-Free
MaxTime
Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26355
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26354
Q-Free
MaxTime
Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26352
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26351
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26353
Q-Free
MaxTime
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26350
Q-Free
MaxTime
Unrestricted Upload of File with Dangerous Type
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26345
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26349
Q-Free
MaxTime
Relative Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26347
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26348
Q-Free
MaxTime
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26346
Q-Free
MaxTime
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26344
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-1100
Q-Free
MaxTime
Use of Hard-coded Password
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-1101
Q-Free
MaxTime
Observable Response Discrepancy
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26343
Q-Free
MaxTime
Weak Authentication
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26342
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26339
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-1102
Q-Free
MaxTime
Origin Validation Error
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26341
Q-Free
MaxTime
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 12, 2025
CVE-2025-26340
Q-Free
MaxTime
Use of Hard-coded Cryptographic Key
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 27, 2025
CVE-2025-0695
Cesanta
Frozen
Allocation of Resources Without Limits or Throttling
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 27, 2025
CVE-2025-0696
Cesanta
Frozen
NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43384
Phoenix Contact
mGuard Families
Improper Removal of Sensitive Information Before Storage or Transfer
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
Previous
Next
CVE ID
CVE-2025-41670
Vendor
Phoenix Contact
Product
PLCnext family
Date Published
May 27, 2026
Type
Uncontrolled Search Path Element
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41669
Vendor
Phoenix Contact
Product
PLCnext family
Date Published
May 27, 2026
Type
Improper Verification of Cryptographic Signature
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41281
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41280
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Relative Path Traversal
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41279
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41278
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Out-of-bounds Read
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41277
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41276
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41275
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41274
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41273
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Authentication Bypass Using an Alternate Path or Channel
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41272
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41271
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Relative Path Traversal
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41270
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41269
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
View All

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your OT and IoT asset discovery, inventory, and management.

Request a DemoWatch Demo

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegrationsPSIRT

Professional Services

Professional ServicesDesignated EngineerFast Track ServicesHealth Check ServiceOptimization Service

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

DoW ZT for OTISA/IEC 62443 Standards NERC CIPNIS2 DirectiveSEC Cybersecurity RulesTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

AcademyCareersCompanyCustomer StoriesContact UsPartnersResourcesLabsLegalTrust Center
LinkedIn logo
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Notice and Certifications. System Status.