Skip to main content

CPCI85 / SICORE EUVDEUVD-2026-42595

| CVE-2026-54800 MEDIUM
Initialization of a Resource with an Insecure Default (CWE-1188)
2026-07-09 siemens GHSA-6556-7hqh-p69q
6.3
CVSS 4.0 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.0 HIGH

Network reachable with no auth required (PR:N); AC:H for OT protocol knowledge; I:H because control over critical system functions implies meaningful integrity impact beyond the vendor's conservative I:L.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (siemens).

CVSS VectorVendor: siemens

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
Jul 09, 2026 - 15:22 NVD
4.8 (MEDIUM) 6.3 (MEDIUM)
Analysis Generated
Jul 09, 2026 - 14:54 vuln.today

DescriptionCVE.org

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

AnalysisAI

Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain OT network access
Delivery
Discover OPC UA endpoint on port 4840
Exploit
Connect without credentials (Security Mode None)
Execution
Browse OPC UA address space
Impact
Read or write critical system parameters

Vulnerability AssessmentAI

Exploitation The device must be running an unpatched version of CPCI85 firmware prior to V26.20 or SICORE Base System prior to V26.20.0, with the default OPC UA Security Mode None configuration in place - no additional misconfiguration is required since this is the shipped default. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 4.8 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N is notable for the combination of network-reachability with no authentication requirement (PR:N), tempered by high attack complexity (AC:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the OT network segment hosting the CPCI85 or SICORE device uses a standard OPC UA client (such as UA Expert or a custom script) to connect to the device's OPC UA endpoint on port 4840 without providing credentials or certificates, since security mode None is the default. Once connected, the attacker can browse the address space to enumerate available nodes and issue read or write commands to critical control functions - potentially modifying setpoints, relay configurations, or operational parameters - without generating authentication failure alerts.
Remediation Upgrade CPCI85 Central Processing/Communication to V26.20 or later and SICORE Base System to V26.20.0 or later, as documented in Siemens ProductCERT advisory SSA-229470 at https://cert-portal.siemens.com/productcert/html/ssa-229470.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42595 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy