wid-sec-w-2026-0889  ·  Published 2026-03-26  ·  View on BSI CERT-Bund ↗

Siemens SICAM: Multiple Vulnerabilities allow Denial of Service

CVSS 8.7 HIGH

Risk Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10) and RTUM85 RTU Base (All versions < V26.10). The affected application contains a denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10) and SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. An unauthenticated attacker could exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

Affected Vendors

Siemens

Affected Products (6)

Siemens · SICAM CPCI85 <26.10
Siemens · SICAM CPCI85 26.10
Siemens · SICAM RTUM85 <26.10
Siemens · SICAM RTUM85 26.10
Siemens · SICAM SICORE <26.10.0
Siemens · SICAM SICORE 26.10.0
