A Note to our Customers and Partners in the Middle East
More Information
Academy
Labs
Careers
Partner Login
Support

Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

Vulnerability Advisories

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Risk Level
CriticalHighMediumLow
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Date Published
CVE ID
Vendor
Product
Type
Risk
Details
October 29, 2022
CVE-2021-26730
Lanner
IAC-AST2500A
spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2022
CVE-2021-44467
Lanner
IAC-AST2500A
spx_restservice KillDupUsr_func Broken Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2022
CVE-2021-44776
Lanner
IAC-AST2500A
spx_restservice SubNet_handler_func Broken Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2022
CVE-2021-26732
Lanner
IAC-AST2500A
spx_restservice First_network_func Broken Access Control
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 31, 2022
CVE-2021-44769
Lanner
IAC-AST2500A
TLS Certificate Generation Function Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 31, 2022
CVE-2021-45925
Lanner
IAC-AST2500A
Username Enumeration
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-47917
Sewio
RTLS Studio
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
November 2, 2022
CVE-2021-46279
Lanner
IAC-AST2500A
Session Fixation and Insufficient Session Expiration
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 2, 2022
CVE-2022-29833
Mitsubishi Electric
GX Works3
Insufficiently Protected Credentials
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 2, 2022
CVE-2022-29832
Mitsubishi Electric
GX Works3
Cleartext Storage of Sensitive Information in Memory
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 2, 2022
CVE-2022-29831
Mitsubishi Electric
GX Works3
Use of Hard-coded Password
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 6, 2023
CVE-2022-47911
Sewio
RTLS Studio
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-47395
Sewio
RTLS Studio
Cross-Site Request Forgery (CSRF)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-46733
Sewio
RTLS Studio
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-43455
Sewio
RTLS Studio
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-45127
Sewio
RTLS Studio
Cross-Site Request Forgery (CSRF)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-41989
Sewio
RTLS Studio
Out-of-bounds Write - CVE-2022-41989
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 8, 2023
CVE-2022-45444
Sewio
RTLS Studio
Use of Hard-coded Password
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
February 7, 2023
CVE-2022-43483
Sewio
RTLS Studio
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
March 3, 2023
CVE-2022-3864
Hitachi Energy
Relion 670, 650 and SAM600-IO Series
Buffer Overflow During Update Process
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31166
Schweitzer Engineering Laboratories (SEL)
RTAC
Path Traversal
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31165
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31162
Schweitzer Engineering Laboratories (SEL)
RTAC
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31164
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31163
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31161
Schweitzer Engineering Laboratories (SEL)
RTAC
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31160
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31159
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31158
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31157
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31154
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31156
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31155
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31152
Schweitzer Engineering Laboratories (SEL)
RTAC
Authentication Bypass Using an Alternate Path or Channel
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31148
Schweitzer Engineering Laboratories (SEL)
RTAC
Improper Input Validation
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31153
Schweitzer Engineering Laboratories (SEL)
RTAC
Cross-site Scripting
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
July 21, 2023
CVE-2023-34472
AMI
MegaRAC SP-X
Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31151
Schweitzer Engineering Laboratories (SEL)
RTAC
Improper Certificate Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31150
Schweitzer Engineering Laboratories (SEL)
RTAC
Storing Passwords in a Recoverable Format
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
July 21, 2023
CVE-2023-34471
AMI
MegaRAC SP-X
Missing Cryptographic Step
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 21, 2023
CVE-2023-31149
Schweitzer Engineering Laboratories (SEL)
RTAC
Improper Input Validation
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
June 28, 2023
Ubisense
Dimension4 UWB RTLS
Insufficient Transport Layer Protection
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
July 21, 2023
CVE-2023-34473
AMI
MegaRAC SP-X
Use of Hard-coded Credentials
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37862
Phoenix Contact
WP 6xxx series
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
July 21, 2023
CVE-2023-2538
Tyan
S5552 BMC
Files or Directories Accessible to External Parties
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
July 21, 2023
CVE-2023-34337
AMI
MegaRAC SP-X
Inadequate Encryption Strength
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
July 21, 2023
CVE-2023-34338
AMI
MegaRAC SP-X
Use of Hard-coded Cryptographic Key
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 7, 2023
CVE-2023-31190
BlueMark
DroneScout ds230
Improper Certificate Validation
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 7, 2023
CVE-2023-31191
BlueMark
DroneScout ds230
Omission of Security-relevant Information
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 9, 2023
CVE-2023-21412
AXIS
License Plate Verifier
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 7, 2023
CVE-2023-29156
BlueMark
DroneScout ds230
Omission of Security-relevant Information
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 9, 2023
CVE-2023-21411
AXIS
License Plate Verifier
Improper Neutralization of Special Elements (‘Command Injection’)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 9, 2023
CVE-2023-21410
AXIS
License Plate Verifier
Improper Neutralization of Special Elements (‘Command Injection’)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 9, 2023
CVE-2023-21408
AXIS
License Plate Verifier
unsafe credentials handling
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 9, 2023
CVE-2023-21409
AXIS
License Plate Verifier
unsafe credentials handling
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 9, 2023
CVE-2023-21407
AXIS
License Plate Verifier
broken access control
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37860
Phoenix Contact
WP 6xxx series
Missing Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37864
Phoenix Contact
WP 6xxx series
Download of Code Without Integrity Check
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37863
Phoenix Contact
WP 6xxx series
Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37861
Phoenix Contact
WP 6xxx series
Neutralization of Special Elements used in an OS Command ('OS Command Injection')
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37859
Phoenix Contact
WP 6xxx series
Improper Privilege Management
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37857
Phoenix Contact
WP 6xxx series
Use of Hard-coded Credentials
Low
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37858
Phoenix Contact
WP 6xxx series
Use of Hard-coded Credentials
Low
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-3570
Phoenix Contact
WP 6xxx series
Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37856
Phoenix Contact
WP 6xxx series
Externally Controlled Reference to a Resource in Another Sphere
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-37855
Phoenix Contact
WP 6xxx series
Externally Controlled Reference to a Resource in Another Sphere
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-3573
Phoenix Contact
WP 6xxx series
Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-3572
Phoenix Contact
WP 6xxx series
Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
August 18, 2023
CVE-2023-3571
Phoenix Contact
WP 6xxx series
Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-34392
Schweitzer Engineering Laboratories (SEL)
SEL-5037 SEL Grid Configurator
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31174
Schweitzer Engineering Laboratories (SEL)
SEL-5037 SEL Grid Configurator
Cross-Site Request Forgery (CSRF)
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31175
Schweitzer Engineering Laboratories (SEL)
SEL-5037 SEL Grid Configurator
Execution with Unnecessary Privileges
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31172
Schweitzer Engineering Laboratories (SEL)
SEL-5030 acSELerator QuickSet
Incomplete Filtering of Special Elements
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31173
Schweitzer Engineering Laboratories (SEL)
SEL-5037 SEL Grid Configurator
Use of Hard-coded Credentials
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31171
Schweitzer Engineering Laboratories (SEL)
SEL-5030 acSELerator QuickSet
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31170
Schweitzer Engineering Laboratories (SEL)
SEL-5030 acSELerator QuickSet
Inclusion of Functionality from Untrusted Control Sphere
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31169
Schweitzer Engineering Laboratories (SEL)
SEL-5030 acSELerator QuickSet
Improper Handling of Unicode Encoding
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 3, 2023
CVE-2023-36857
Baker Hughes
Bently Nevada 3500 Rack (USB and Serial Versions)
CWE-294: Authentication Bypass by Capture-replay
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 3, 2023
CVE-2023-34441
Baker Hughes
Bently Nevada 3500 Rack (USB and Serial Versions)
CWE-319: Cleartext Transmission of Sensitive Information
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
September 1, 2023
CVE-2023-31168
Schweitzer Engineering Laboratories (SEL)
SEL-5030 acSELerator QuickSet
Inclusion of Functionality from Untrusted Control Sphere
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2023
CVE-2023-43801
Arduino
Create Agent Service
Service Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 3, 2023
CVE-2023-34437
Baker Hughes
Bently Nevada 3500 Rack (USB and Serial Versions)
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 1, 2023
CVE-2023-34389
Schweitzer Engineering Laboratories (SEL)
SEL-451
Allocation of Resources Without Limits or Throttling
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2023
CVE-2023-43803
Arduino
Create Agent Service
Service Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2023
CVE-2023-43800
Arduino
Create Agent Service
Insufficient Verification of Data Authenticity
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
October 30, 2023
CVE-2023-43802
Arduino
Create Agent Service
Service Path Traversal
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 1, 2023
CVE-2023-31177
Schweitzer Engineering Laboratories (SEL)
SEL-451
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 1, 2023
CVE-2023-34390
Schweitzer Engineering Laboratories (SEL)
SEL-451
Improper Input Validation
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 1, 2023
CVE-2023-31176
Schweitzer Engineering Laboratories (SEL)
SEL-451
Insufficient Entropy
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
December 1, 2023
CVE-2023-34388
Schweitzer Engineering Laboratories (SEL)
SEL-451
Improper Authentication
Medium
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-41255
Advantech
TPC-110W
Improper Authorization
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-46102
Advantech
TPC-110W
Use of Hard-coded Credentials
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-45851
Advantech
TPC-110W
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-45220
Advantech
TPC-110W
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-45844
Advantech
TPC-110W
Improper Access Control
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-45321
Advantech
TPC-110W
Cleartext Transmission of Information
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-43488
Advantech
TPC-110W
Missing Authentication for Critical Function
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-41960
Advantech
TPC-110W
Improper Export of Application Component
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 8, 2024
CVE-2023-41372
Advantech
TPC-110W
Use of Hard-coded Credentials
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
January 17, 2024
CVE-2023-48266
Bosch Rexroth
Nexo cordless nutrunners
Stack-based Buffer Overflow
High
Details
Learn more arrow
CVE
Learn more arrow
Notification
Learn more arrow
Previous
Next
CVE ID
CVE-2025-41670
Vendor
Phoenix Contact
Product
PLCnext family
Date Published
May 27, 2026
Type
Uncontrolled Search Path Element
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41669
Vendor
Phoenix Contact
Product
PLCnext family
Date Published
May 27, 2026
Type
Improper Verification of Cryptographic Signature
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41281
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41280
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Relative Path Traversal
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41279
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41278
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Out-of-bounds Read
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41277
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41276
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41275
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41274
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41273
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Authentication Bypass Using an Alternate Path or Channel
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41272
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41271
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Relative Path Traversal
Risk Score
High
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41270
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
CVE ID
CVE-2025-41269
Vendor
Waterfall
Product
WF-500
Date Published
May 29, 2026
Type
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Score
Critical
Details
Details
Learn more arrow
CVE
Learn more arrow
Security Notification
Learn more arrow
View All

Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your OT and IoT asset discovery, inventory, and management.

Request a DemoWatch Demo

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegrationsPSIRT

Professional Services

Professional ServicesDesignated EngineerFast Track ServicesHealth Check ServiceOptimization Service

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

DoW ZT for OTISA/IEC 62443 Standards NERC CIPNIS2 DirectiveSEC Cybersecurity RulesTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

AcademyCareersCompanyCustomer StoriesContact UsPartnersResourcesLabsLegalTrust Center
LinkedIn logo
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Notice and Certifications. System Status.