Siemens SICAM SIAPP SDK

Summary

The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploitation of the simulation environment. These vulnerabilities are only exploitable if the API is used improperly or hardening measures are not applied. Siemens has released a new version of SICAM SIAPP SDK and recommends updating to the latest version.

The following versions of Siemens SICAM SIAPP SDK are affected:

  • SICAM SIAPP SDK vers:intdot/<2.1.7

CVSS: v3 7.4
Vendor: Siemens
Equipment: Siemens SICAM SIAPP SDK
Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency, External Control of File Name or Path

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-25569

An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service or arbitrary code execution.


Affected Products

Siemens SICAM SIAPP SDK
Vendor: Siemens
Product Version: SICAM SIAPP SDK
Product Status: known_affected

Remediations

Vendor fix: Update to V2.1.7 or later

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version: 3.1
Base Score: 7.4
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25570

The SICAM SIAPP SDK does not perform checks on input values, potentially resulting in a stack overflow. This could allow an attacker to perform code execution and denial of service.


Affected Products

Siemens SICAM SIAPP SDK
Vendor: Siemens
Product Version: SICAM SIAPP SDK
Product Status: known_affected

Remediations

Vendor fix: Update to V2.1.7 or later

Relevant CWE: CWE-121 Stack-based Buffer Overflow


Metrics

CVSS Version: 3.1
Base Score: 7.4
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25571

The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send

[…]

This article has been indexed from All CISA Advisories