Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

| Date Published | CVE ID | Vendor | Product | Type | Risk |
|---|---|---|---|---|---|
| January 17, 2024 | CVE-2023-48265 | Bosch Rexroth | Nexo cordless nutrunners | Stack-based Buffer Overflow | High |
| January 17, 2024 | CVE-2023-48261 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | Medium |
| January 17, 2024 | CVE-2023-48264 | Bosch Rexroth | Nexo cordless nutrunners | Stack-based Buffer Overflow | High |
| January 17, 2024 | CVE-2023-48259 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | Medium |
| January 17, 2024 | CVE-2023-48262 | Bosch Rexroth | Nexo cordless nutrunners | Stack-based Buffer Overflow | High |
| January 17, 2024 | CVE-2023-48260 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | Medium |
| January 17, 2024 | CVE-2023-48263 | Bosch Rexroth | Nexo cordless nutrunners | Heap-based Buffer Overflow | High |
| January 17, 2024 | CVE-2023-48254 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Medium |
| January 17, 2024 | CVE-2023-48258 | Bosch Rexroth | Nexo cordless nutrunners | Cross-Site Request Forgery (CSRF) | Medium |
| January 17, 2024 | CVE-2023-48257 | Bosch Rexroth | Nexo cordless nutrunners | Use of Weak Credentials | High |
| January 17, 2024 | CVE-2023-48252 | Bosch Rexroth | Nexo cordless nutrunners | Improper Authorization | High |
| January 17, 2024 | CVE-2023-48256 | Bosch Rexroth | Nexo cordless nutrunners | Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’) | Medium |
| January 17, 2024 | CVE-2023-48255 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Medium |
| January 17, 2024 | CVE-2023-48253 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | High |
| January 17, 2024 | CVE-2023-48245 | Bosch Rexroth | Nexo cordless nutrunners | Missing Authorization | Medium |
| January 17, 2024 | CVE-2023-48246 | Bosch Rexroth | Nexo cordless nutrunners | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Medium |
| January 17, 2024 | CVE-2023-48251 | Bosch Rexroth | Nexo cordless nutrunners | Use of Hard-coded Credentials | High |
| January 17, 2024 | CVE-2023-48250 | Bosch Rexroth | Nexo cordless nutrunners | Use of Hard-coded Credentials | High |
| January 17, 2024 | CVE-2023-48249 | Bosch Rexroth | Nexo cordless nutrunners | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Medium |
| January 17, 2024 | CVE-2023-48248 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Medium |
| January 17, 2024 | CVE-2023-48247 | Bosch Rexroth | Nexo cordless nutrunners | Missing Authorization | Medium |
| January 17, 2024 | CVE-2023-48244 | Bosch Rexroth | Nexo cordless nutrunners | Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Medium |
| January 17, 2024 | CVE-2023-48243 | Bosch Rexroth | Nexo cordless nutrunners | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | High |
| March 12, 2024 | CVE-2023-45600 | AiLux | imx6 bundle | Insufficient Session Expiration | Medium |
| January 17, 2024 | CVE-2023-48242 | Bosch Rexroth | Nexo cordless nutrunners | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Medium |
| March 12, 2024 | CVE-2023-45599 | AiLux | imx6 bundle | iec61850 Reliance on File Name or Extension of Externally-Supplied File | Medium |
| March 12, 2024 | CVE-2023-45598 | AiLux | imx6 bundle | measure Direct Request ('Forced Browsing') | Medium |
| March 12, 2024 | CVE-2023-45596 | AiLux | imx6 bundle | file_configuration Direct Request ('Forced Browsing') | Medium |
| March 12, 2024 | CVE-2023-45591 | AiLux | imx6 bundle | Ax_rtu logger_generic Heap-Based Buffer Overflow | High |
| March 12, 2024 | CVE-2023-5456 | AiLux | imx6 bundle | Use of Hard-coded MariaDB Password | High |
| March 12, 2024 | CVE-2023-45597 | AiLux | imx6 bundle | file_configuration Improper Neutralization of Formula Elements in a CSV File | Medium |
| March 12, 2024 | CVE-2023-45595 | AiLux | imx6 bundle | file_configuration Unrestricted Upload of File with Dangerous Type | Medium |
| March 12, 2024 | CVE-2023-45593 | AiLux | imx6 bundle | Chromium Alternative URLs Incomplete List of Disallowed Inputs | Medium |
| March 12, 2024 | CVE-2023-45594 | AiLux | imx6 bundle | Chromium Files or Directories Accessible to External Parties | Medium |
| March 12, 2024 | CVE-2023-5457 | AiLux | imx6 bundle | “Debug” Enabled in Django Framework Configuration | High |
| March 12, 2024 | CVE-2023-45592 | AiLux | imx6 bundle | Chromium Execution with Unnecessary Privileges | Medium |
| May 27, 2026 | CVE-2025-41670 | Phoenix Contact | PLCnext family | Uncontrolled Search Path Element | High |
| May 27, 2026 | CVE-2025-41669 | Phoenix Contact | PLCnext family | Improper Verification of Cryptographic Signature | High |
| May 29, 2026 | CVE-2025-41281 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| May 29, 2026 | CVE-2025-41280 | Waterfall | WF-500 | Relative Path Traversal | High |
| May 29, 2026 | CVE-2025-41279 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| May 29, 2026 | CVE-2025-41278 | Waterfall | WF-500 | Out-of-bounds Read | High |
| May 29, 2026 | CVE-2025-41277 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41276 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41275 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41274 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41273 | Waterfall | WF-500 | Authentication Bypass Using an Alternate Path or Channel | Critical |
| May 29, 2026 | CVE-2025-41272 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41271 | Waterfall | WF-500 | Relative Path Traversal | High |
| May 29, 2026 | CVE-2025-41270 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41269 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
