Skip to main content

Siemens CPCI85 CVE-2026-54799

| EUVDEUVD-2026-42594 HIGH
Active Debug Code (CWE-489)
2026-07-09 siemens GHSA-j26p-j946-5hv2
8.4
CVSS 4.0 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
8.4 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.7 MEDIUM

Firmware update requires local, privileged access (AV:L/PR:H) with no user interaction, and yields full device takeover, so C/I/A are all High.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (siemens).

CVSS VectorVendor: siemens

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jul 09, 2026 - 15:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 09, 2026 - 15:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 09, 2026 - 15:22 vuln.today
cvss_changed
Severity Changed
Jul 09, 2026 - 15:22 NVD
MEDIUM HIGH
CVSS changed
Jul 09, 2026 - 15:22 NVD
6.7 (MEDIUM) 8.4 (HIGH)
Analysis Generated
Jul 09, 2026 - 14:53 vuln.today

DescriptionCVE.org

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

AnalysisAI

Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain privileged local/engineering access
Delivery
Craft malicious firmware image
Exploit
Submit image to update mechanism
Execution
Signature validation bypassed
Persist
Malicious firmware installed and booted
Impact
Persistent code execution and device compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to invoke the device's firmware update mechanism with high privileges over a local vector (CVSS AV:L/PR:H) - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:H/UI:N, VC:H/VI:H/VA:H, base 8.4) frames this as a high-impact but high-barrier issue: exploitation requires local access and already-high privileges, so it is not a remotely reachable or wormable flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained privileged local/engineering access to a substation device (for example a malicious insider or an adversary who already compromised an engineering workstation) crafts modified firmware and submits it through the update mechanism, which fails to reject the tampered image due to the signature-validation flaw. The device accepts and boots the malicious firmware, giving the attacker persistent code execution that survives reboots. …
Remediation Vendor-released patch: update CPCI85 Central Processing/Communication to V26.20 or later and the SICORE Base System to V26.20.0 or later, per Siemens advisory SSA-229470 (https://cert-portal.siemens.com/productcert/html/ssa-229470.html). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all CPCI85 and SICORE Base System devices in use and document current firmware versions by conducting asset inventory. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54799 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy