A Note to our Customers and Partners in the Middle East
More Information
Academy
Labs
Careers
Partner Login
Support

Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

Vulnerability Advisories

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Risk Level
CriticalHighMediumLow
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Date Published
CVE ID
Vendor
Product
Type
Risk
Details
December 10, 2024
CVE-2024-43393
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43392
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43391
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43390
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43389
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43387
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-7698
Phoenix Contact
mGuard Families
Improper Removal of Sensitive Information Before Storage or Transfer
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43385
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43388
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-43386
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 10, 2024
CVE-2024-7699
Phoenix Contact
mGuard Families
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41967
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41970
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41973
Wago
Multiple Products
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41974
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41972
Wago
Multiple Products
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41971
Wago
Multiple Products
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41968
Wago
Multiple Products
Improper Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 3, 2024
CVE-2024-41969
Wago
Multiple Products
Improper Access Control
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50377
Advantech
EKI Access Points
Hardcoded encryption key
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50371
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50376
Advantech
EKI Access Points
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50372
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50375
Advantech
EKI Access Points
Missing Authentication for Critical Function
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50373
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50374
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50370
Advantech
EKI Access Points
Remote Command Execution (RCE)
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50369
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50364
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50367
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50368
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50365
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50366
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50362
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50359
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50361
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50358
Advantech
EKI Access Points
Use of Hard-coded Cryptographic Key
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50360
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 27, 2024
CVE-2024-50363
Advantech
EKI Access Points
Command Injection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42383
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42384
Cesanta
Mongoose Web Server
CWE-190 Integer Overflow or Wraparound
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42385
Cesanta
Mongoose Web Server
CWE-140 Improper Neutralization of Delimiters
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42386
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42387
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42388
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42389
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42390
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42391
Cesanta
Mongoose Web Server
CWE-823 Use of Out-of-range Pointer Offset
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 18, 2024
CVE-2024-42392
Cesanta
Mongoose Web Server
CWE-140 Improper Neutralization of Delimiters
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2024-3184
EmbedThis
GoAhead
Multiple NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2024-3186
EmbedThis
GoAhead
NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2024-3187
EmbedThis
GoAhead
Expired Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2018-14797
Emerson
DeltaV DCS Workstations
Unauthorized Code Execution
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 24, 2024
CVE-2021-36205
Johnson Controls
Metasys ADS/ADX/OAS Servers
Incomplete Cleanup
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 18, 2024
CVE-2024-42483
Espressif
ESP-NOW
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 18, 2024
CVE-2024-42484
Espressif
ESP-NOW
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-41173
Beckhoff
TwinCAT/BSD
CWE-288 Authentication Bypass Using an Alternate Path or Channel
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-41174
Beckhoff
TwinCAT/BSD
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-41175
Beckhoff
TwinCAT/BSD
CWE-770 Allocation of Resources Without Limits or Throttling
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-41176
Beckhoff
TwinCAT/BSD
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31174
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-23915
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31181
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31178
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31197
Open Networking Foundation (ONF)
libfluid
CWE-170 Improper Null Termination
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31179
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31196
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31180
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31175
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31168
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31187
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31191
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31164
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31172
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31173
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31165
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31190
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31169
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31186
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31193
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31185
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31170
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31189
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31166
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31188
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31167
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31171
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 10, 2024
CVE-2024-31184
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 10, 2024
CVE-2024-31192
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 10, 2024
CVE-2024-31176
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 10, 2024
CVE-2024-31195
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 10, 2024
CVE-2024-31183
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-23916
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31182
Open Networking Foundation (ONF)
libfluid
CWE-690 Unchecked Return Value to NULL Pointer Dereference
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31194
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31198
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 12, 2024
CVE-2024-31177
Open Networking Foundation (ONF)
libfluid
CWE-125 Out-of-bounds Read
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 7, 2024
CVE-2024-32862
Johnson Controls
exacqVision Web Service
Permissive Cross-domain Policy with Untrusted Domains
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 7, 2024
CVE-2024-32863
Johnson Controls
exacqVision Web Service
Cross-Site Request Forgery (CSRF)
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 7, 2024
CVE-2024-32864
Johnson Controls
exacqVision Web Service
Cleartext Transmission of Sensitive Information
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
Previous
Next
CVE ID
CVE-2025-41670
Vendor
Phoenix Contact
Product
PLCnext family
Date Published
May 27, 2026
Type
Uncontrolled Search Path Element
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41669
Vendor
Phoenix Contact
Product
PLCnext family
Date Published
May 27, 2026
Type
Improper Verification of Cryptographic Signature
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41281
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41280
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Relative Path Traversal
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41279
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41278
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Out-of-bounds Read
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41277
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41276
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41275
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41274
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41273
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Authentication Bypass Using an Alternate Path or Channel
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41272
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41271
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Relative Path Traversal
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41270
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41269
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
View All

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your OT and IoT asset discovery, inventory, and management.

Request a DemoWatch Demo

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegrationsPSIRT

Professional Services

Professional ServicesDesignated EngineerFast Track ServicesHealth Check ServiceOptimization Service

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

DoW ZT for OTISA/IEC 62443 Standards NERC CIPNIS2 DirectiveSEC Cybersecurity RulesTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

AcademyCareersCompanyCustomer StoriesContact UsPartnersResourcesLabsLegalTrust Center
LinkedIn logo
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Notice and Certifications. System Status.