Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web API (AV:N/AC:L) but requires an existing high-privilege authenticated session (PR:H); privilege abuse yields full C/I/A impact on the same system (S:U).
Primary rating from Vendor (siemens).
CVSS VectorVendor: siemens
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
AnalysisAI
Privilege escalation in Siemens CPCI85 Central Processing/Communication and SICORE Base System (all versions before V26.20 / V26.20.0) lets an already-authenticated attacker abuse insufficient validation of authentication credentials when modifying administrative accounts through the web API. By exploiting this weak credential re-verification (CWE-620), an attacker with existing access can bypass security controls and obtain unauthorized elevated privileges over the device. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already hold an authenticated high-privilege session (CVSS PR:H) and network reachability to the device's administrative web API (AV:N/AC:L/UI:N - no victim interaction and low complexity once authenticated). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The Siemens-supplied CVSS 4.0 score is 8.6 (High) with vector AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H, indicating a network-reachable, low-complexity attack requiring high existing privileges, with full high impact to confidentiality, integrity and availability of the vulnerable system and no scope change to other systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained a high-privilege authenticated session on the device - for example a malicious insider or an adversary who reused stolen operator credentials - sends a crafted administrative account-modification request to the web API. Because the credential validation is insufficient, the request is honored without proper re-authentication, letting the attacker escalate to full administrative control of the CPCI85/SICORE system. … |
| Remediation | Upgrade CPCI85 Central Processing/Communication to V26.20 or later and the SICORE Base System to V26.20.0 or later, per Siemens ProductCERT advisory SSA-229470 (https://cert-portal.siemens.com/productcert/html/ssa-229470.html). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit and document all Siemens CPCI85 and SICORE Base System installations and current versions; implement firewall rules restricting web API access to authorized network segments only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions
Remote denial-of-service in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base (versions below V26.10)
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before
Denial of service in Siemens CPCI85 Central Processing/Communication firmware and SICORE Base System (all versions befor
Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes
Same weakness CWE-620 – Unverified Password Change
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42596
GHSA-79vc-rc2r-m8rf