Summary
Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely:
- SICAM A8000 Device firmware
  - CPCI85 for CP-8031/CP-8050
  - SICORE for CP-8010/CP-8012
  - RTUM85 for CP-8010/CP-8012
- SICAM EGS Device firmware
  - CPCI85
- SICAM S8000
  - SICORE
  - RTUM85

Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens SICAM 8 Products are affected:
- CPCI85 Central Processing/Communication vers:intdot/<26.10 (CVE-2026-27663, CVE-2026-27664)
- RTUM85 RTU Base vers:intdot/<26.10 (CVE-2026-27663)
- SICORE Base system vers:intdot/<26.10.0 (CVE-2026-27664)
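The ranges above use the `vers:intdot` scheme, where versions compare as dot-separated integers, so V26.9 is older than V26.10 even though a plain string comparison says the opposite. The following added example (not part of the advisory or of any Siemens tooling) triages a firmware inventory against those ranges; the inventory layout, the asset names, the stripping of a leading "V" and the treatment of 26.10 and 26.10.0 as equal are assumptions.

```python
# Added example: triage a firmware inventory against this advisory's ranges.
# Ranges are copied from the advisory; inventory rows are constructed samples.
ADVISORY = {
    "CPCI85": ("vers:intdot/<26.10", ["CVE-2026-27663", "CVE-2026-27664"]),
    "RTUM85": ("vers:intdot/<26.10", ["CVE-2026-27663"]),
    "SICORE": ("vers:intdot/<26.10.0", ["CVE-2026-27664"]),
}

def parse_intdot(version):
    """'V26.10' -> (26, 10). Assumption: trailing zeros are insignificant."""
    parts = [int(p) for p in version.strip().lstrip("vV").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_range(spec):
    """Parse the single-constraint 'vers:intdot/<X' form this advisory uses."""
    scheme, _, constraint = spec.partition("/")
    if scheme != "vers:intdot" or constraint[:1] != "<" or constraint[:2] == "<=":
        raise ValueError(f"unsupported range: {spec}")
    return parse_intdot(constraint[1:])

def triage(inventory):
    """Return (asset, firmware, version, status, cves) for each inventory row."""
    findings = []
    for asset, firmware, version in inventory:
        if firmware not in ADVISORY:
            findings.append((asset, firmware, version, "not_listed", []))
            continue
        spec, cves = ADVISORY[firmware]
        try:
            installed = parse_intdot(version)
        except ValueError:
            # Unparseable version: flag for manual review, never assume fixed.
            findings.append((asset, firmware, version, "unknown_version", cves))
            continue
        hit = installed < parse_range(spec)  # numeric tuple comparison
        findings.append((asset, firmware, version,
                         "affected" if hit else "fixed", cves if hit else []))
    return findings

SAMPLE_INVENTORY = [  # constructed: (asset, firmware, reported version)
    ("rtu-01", "CPCI85", "V26.9"),
    ("rtu-02", "CPCI85", "V26.10"),
    ("rtu-03", "SICORE", "26.10.0"),
    ("rtu-04", "RTUM85", "V25.40.1"),
    ("rtu-05", "SICORE", "unknown"),
]
if __name__ == "__main__":
    print(*triage(SAMPLE_INVENTORY), sep="\n")
```

Rows reported as `unknown_version` carry the candidate CVEs so they can be checked by hand rather than silently passed.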
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 7.5 | Siemens | Siemens SICAM 8 Products | Allocation of Resources Without Limits or Throttling, Out-of-bounds Write |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
CVE-2026-27663
The affected application contains a denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.
Affected Products
Siemens SICAM 8 Products
- Vendor: Siemens
- Products: CPCI85 Central Processing/Communication, RTUM85 RTU Base
- Status: known_affected
Remediations
Vendor fix
Update to V26.10 or later version. The firmware RTUM85 V26.10 is present within “CP-8010/CP-8012 Package” V26.10 (https://support.industry.siemens.com/cs/ww/en/view/109972894/) and also within “SICAM S8000 Package” V26.10 (https://support.industry.siemens.com/cs/document/109818240).
Vendor fix
Update to V26.10 or later version. The firmware CPCI85 V26.10 is present within “CP-8031/CP-8050 Package” V26.10 (https://support.industry.siemens.com/cs/ww/en/view/109804985/) and also within “SICAM EGS Package” V26.10 (https://support.industry.siemens.com/cs/document/109972536/).
Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE-2026-27664
The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.
Affected Products
Siemens SICAM 8 Products
- Vendor: Siemens
- Products: CPCI85 Central Processing/Communication, SICORE Base system
- Status: known_affected
Remediations
Ven
[…]