Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Nozomi Networks — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting Nozomi Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nozomi Networks specializes in industrial cybersecurity, providing visibility and threat detection for operational technology environments. The company’s software solutions monitor critical infrastructure, including energy, manufacturing, and transportation sectors, to identify anomalies in network traffic and device behavior. Historically, the platform has been associated with forty-three recorded Common Vulnerabilities and Exposures, primarily involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from improper input validation or insufficient access controls within the management interfaces. While no catastrophic breaches directly attributed to these specific CVEs have been widely publicized, the high count indicates recurring issues in authentication mechanisms and session management. The security profile suggests that while the core detection engine is robust, the administrative components require rigorous patching and hardening to prevent unauthorized access. Continuous updates are essential to mitigate risks associated with these known weaknesses in the industrial IoT landscape.

Top products by Nozomi Networks: Guardian Arc CMC
CVE IDTitleCVSSSeverityPublished
CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 — GuardianCWE-79 8.9 High2026-04-15
CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 — GuardianCWE-863 8.1 High2026-04-15
CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 — ArcCWE-295 6.5 Medium2026-03-04
CVE-2025-40895 HTML injection in Sensor Map in CMC before 25.6.0 — CMCCWE-79 4.8 Medium2026-03-04
CVE-2025-40894 HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 — GuardianCWE-79 4.4 Medium2026-03-04
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 — GuardianCWE-22 8.1 High2025-12-18
CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0 — GuardianCWE-79 6.1 Medium2025-12-18
CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 — GuardianCWE-79 8.9 High2025-12-18
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 — GuardianCWE-79 4.7 Medium2025-12-18
CVE-2025-40890 Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 — GuardianCWE-79 7.9 High2025-11-25
CVE-2025-40888 Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 — GuardianCWE-89 5.3 Medium2025-10-07
CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 — GuardianCWE-22 8.1 High2025-10-07
CVE-2025-40887 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89 5.3 Medium2025-10-07
CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89 7.5 High2025-10-07
CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89 5.3 Medium2025-10-07
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0 — GuardianCWE-863 8.1 High2025-10-07
CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0 — GuardianCWE-22 7.9 High2025-10-07
CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0 — CMCCWE-863 4.3 Medium2025-08-26
CVE-2024-13090 Privilege escalation in Guardian/CMC before 24.6.0 — GuardianCWE-250 7.0 High2025-06-10
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 — GuardianCWE-78 7.2 High2025-06-10
CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 — GuardianCWE-863 6.0 Medium2024-09-11
CVE-2023-5938 Path traversal via 'zip slip' in Arc before v1.6.0 — ArcCWE-22 8.0 High2024-05-15
CVE-2023-5937 Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0 — ArcCWE-538 3.8 Low2024-05-15
CVE-2023-5936 Unsafe temporary data privileges on Unix systems in Arc before v1.6.0 — ArcCWE-732 7.8 High2024-05-15
CVE-2023-5935 Missing authentication for local web interface in Arc before v1.6.0 — ArcCWE-306 7.4 High2024-05-15
CVE-2024-0218 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 — GuardianCWE-1286 7.5 High2024-04-10
CVE-2023-6916 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 — GuardianCWE-201 7.2 High2024-04-10
CVE-2023-5253 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 — GuardianCWE-306 5.3 Medium2024-01-15
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-1286 7.5 High2023-09-19
CVE-2023-29245 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-89 8.1 High2023-09-19

This page lists every published CVE security advisory associated with Nozomi Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.