Cpci85 Central Processing Communication
Monthly
Privilege escalation in Siemens CPCI85 Central Processing/Communication and SICORE Base System (all versions before V26.20 / V26.20.0) lets an already-authenticated attacker abuse insufficient validation of authentication credentials when modifying administrative accounts through the web API. By exploiting this weak credential re-verification (CWE-620), an attacker with existing access can bypass security controls and obtain unauthorized elevated privileges over the device. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the affected products operate in OT/ICS environments where unauthorized control access carries disproportionate operational and safety risk relative to the moderate CVSS score.
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Denial of service in Siemens CPCI85 Central Processing/Communication firmware and SICORE Base System (all versions before V26.20 / V26.20.0) allows an authenticated attacker to crash the device's web process via a leftover debugging interface exposed on HTTP endpoints. The flaw stems from active debug code shipped in production firmware and affects only availability, not data confidentiality or integrity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.
Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions below V26.10) allow unauthenticated remote attackers to crash critical industrial control system services through maliciously crafted XML requests, resulting in denial-of-service conditions. CISA's SSVC framework marks this as automatable with partial technical impact, though no public exploit has been identified at time of analysis. The CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network accessibility requiring no authentication (PR:N).
Remote denial-of-service in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base (versions below V26.10) allows adjacent network attackers to exhaust system resources via high-volume requests, forcing device reset or reboot to restore parameterization functionality. No public exploit identified at time of analysis. CVSS 7.1 (High) with adjacent network access vector and no privileges required indicates moderate real-world risk for industrial environments where these RTU and control processing devices operate.
Privilege escalation in Siemens CPCI85 Central Processing/Communication and SICORE Base System (all versions before V26.20 / V26.20.0) lets an already-authenticated attacker abuse insufficient validation of authentication credentials when modifying administrative accounts through the web API. By exploiting this weak credential re-verification (CWE-620), an attacker with existing access can bypass security controls and obtain unauthorized elevated privileges over the device. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the affected products operate in OT/ICS environments where unauthorized control access carries disproportionate operational and safety risk relative to the moderate CVSS score.
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Denial of service in Siemens CPCI85 Central Processing/Communication firmware and SICORE Base System (all versions before V26.20 / V26.20.0) allows an authenticated attacker to crash the device's web process via a leftover debugging interface exposed on HTTP endpoints. The flaw stems from active debug code shipped in production firmware and affects only availability, not data confidentiality or integrity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.
Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions below V26.10) allow unauthenticated remote attackers to crash critical industrial control system services through maliciously crafted XML requests, resulting in denial-of-service conditions. CISA's SSVC framework marks this as automatable with partial technical impact, though no public exploit has been identified at time of analysis. The CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network accessibility requiring no authentication (PR:N).
Remote denial-of-service in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base (versions below V26.10) allows adjacent network attackers to exhaust system resources via high-volume requests, forcing device reset or reboot to restore parameterization functionality. No public exploit identified at time of analysis. CVSS 7.1 (High) with adjacent network access vector and no privileges required indicates moderate real-world risk for industrial environments where these RTU and control processing devices operate.