CVE-2025-26390: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Siemens OZW672

Critical
Tags: Vulnerability, CVE-2025-26390, cve, cve-2025-26390, cwe-89
Published: Tue May 13 2025 (05/13/2025, 09:38:35 UTC)
Source: CVE
Vendor/Project: Siemens
Product: OZW672

Description

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.

AI-Powered Analysis

Last updated: 07/06/2025, 18:39:32 UTC

Technical Analysis

CVE-2025-26390 is a critical SQL injection vulnerability affecting Siemens OZW672 and OZW772 devices running versions prior to 6.0. The vulnerability resides in the web service component responsible for authentication data verification. Specifically, the web service fails to properly neutralize special elements in SQL commands, allowing an unauthenticated remote attacker to inject malicious SQL code. This flaw enables the attacker to bypass authentication checks and gain administrator-level access without valid credentials. Given the nature of the vulnerability (CWE-89), the attacker can manipulate SQL queries executed by the backend database, potentially leading to unauthorized data access, modification, or deletion, as well as full control over the device's management interface. The CVSS v3.1 score of 9.8 reflects the high severity, with network attack vector, no required privileges or user interaction, and a full impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a prime target for exploitation once publicized. Siemens OZW672 and OZW772 devices are typically used in industrial or infrastructure environments, where unauthorized administrative access could have severe operational consequences.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those operating critical infrastructure, manufacturing plants, or industrial control systems that use Siemens OZW672 or OZW772 devices. Successful exploitation could lead to unauthorized administrative access, allowing attackers to alter device configurations, disrupt operations, or pivot to other network segments. The compromise of such devices could result in operational downtime, safety hazards, data breaches, and potential regulatory non-compliance under frameworks like GDPR or the NIS Directive. The criticality is heightened in sectors such as energy, transportation, and manufacturing, where Siemens devices are prevalent. Additionally, the ability to bypass authentication remotely without user interaction increases the risk of automated or large-scale attacks targeting European industrial environments.

Mitigation Recommendations

Organizations should prioritize upgrading affected Siemens OZW672 and OZW772 devices to version 6.0 or later, where this vulnerability is addressed. In the absence of an immediate patch, network segmentation should be enforced to isolate these devices from untrusted networks, limiting exposure to potential attackers. Implement strict access control lists (ACLs) and firewall rules to restrict inbound traffic to the device's management interfaces. Employ intrusion detection and prevention systems (IDS/IPS) with signatures or anomaly detection capabilities tuned to identify SQL injection attempts targeting these devices. Regularly audit device logs for suspicious authentication attempts or anomalies. Additionally, consider deploying web application firewalls (WAFs) capable of detecting and blocking SQL injection payloads. Finally, maintain an inventory of all Siemens OZW devices to ensure comprehensive coverage and timely remediation.
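The inventory step above can be turned into a quick triage pass. The following is an added example, not code from this page or from Siemens: it flags OZW672/OZW772 entries whose firmware is below V6.0. The CSV layout, column names and hostnames are constructed assumptions; adapt them to your own asset export.

```python
import csv
import io
import re

# Affected products and fixed version as stated in the advisory text above.
AFFECTED_MODELS = {"OZW672", "OZW772"}
FIXED_VERSION = (6, 0)

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """\
host,model,firmware
bms-gw-01.example.internal,OZW672,V5.2
bms-gw-02.example.internal,ozw772,6.0
bms-gw-03.example.internal,OZW772,v4.10.3
bms-gw-04.example.internal,OZW672,
hvac-ctl-01.example.internal,OTHER-100,V1.0
"""


def parse_version(text):
    """Turn 'V5.2', 'v4.10.3' or '6' into a tuple of ints; None if unparseable."""
    match = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        return None
    parts = tuple(int(part) for part in match.group(1).split("."))
    # Pad to major.minor so that a bare '6' compares equal to 6.0, not below it.
    return parts + (0,) * (2 - len(parts))


def triage(inventory_csv):
    """Return (host, model, status) for each OZW672/OZW772 row in the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in AFFECTED_MODELS:
            continue
        version = parse_version(row["firmware"] or "")
        if version is None:
            status = "UNKNOWN_VERSION"  # treat as exposed until verified
        elif version < FIXED_VERSION:
            status = "VULNERABLE"
        else:
            status = "FIXED"
        findings.append((row["host"], model, status))
    return findings


if __name__ == "__main__":
    for host, model, status in triage(SAMPLE_INVENTORY):
        print(f"{status:16} {model} {host}")
```

Rows reported as `UNKNOWN_VERSION` should be checked on the device itself and kept behind the same network restrictions as vulnerable units until the firmware level is confirmed.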

Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2025-02-07T15:33:59.767Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fc1484d88663aeccb8

Added to database: 5/20/2025, 6:59:08 PM

Last enriched: 7/6/2025, 6:39:32 PM

Last updated: 8/18/2025, 11:32:18 PM