Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network reachable with no auth required (PR:N); AC:H for OT protocol knowledge; I:H because control over critical system functions implies meaningful integrity impact beyond the vendor's conservative I:L.
Primary rating from Vendor (siemens).
CVSS VectorVendor: siemens
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
AnalysisAI
Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The device must be running an unpatched version of CPCI85 firmware prior to V26.20 or SICORE Base System prior to V26.20.0, with the default OPC UA Security Mode None configuration in place - no additional misconfiguration is required since this is the shipped default. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.8 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N is notable for the combination of network-reachability with no authentication requirement (PR:N), tempered by high attack complexity (AC:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with access to the OT network segment hosting the CPCI85 or SICORE device uses a standard OPC UA client (such as UA Expert or a custom script) to connect to the device's OPC UA endpoint on port 4840 without providing credentials or certificates, since security mode None is the default. Once connected, the attacker can browse the address space to enumerate available nodes and issue read or write commands to critical control functions - potentially modifying setpoints, relay configurations, or operational parameters - without generating authentication failure alerts. |
| Remediation | Upgrade CPCI85 Central Processing/Communication to V26.20 or later and SICORE Base System to V26.20.0 or later, as documented in Siemens ProductCERT advisory SSA-229470 at https://cert-portal.siemens.com/productcert/html/ssa-229470.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions
Remote denial-of-service in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base (versions below V26.10)
Privilege escalation in Siemens CPCI85 Central Processing/Communication and SICORE Base System (all versions before V26.
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before
Denial of service in Siemens CPCI85 Central Processing/Communication firmware and SICORE Base System (all versions befor
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42595
GHSA-6556-7hqh-p69q