Skip to main content

Cpci85 Central Processing Communication

6 CVEs product

Monthly

CVE-2026-54801 HIGH This Week

Privilege escalation in Siemens CPCI85 Central Processing/Communication and SICORE Base System (all versions before V26.20 / V26.20.0) lets an already-authenticated attacker abuse insufficient validation of authentication credentials when modifying administrative accounts through the web API. By exploiting this weak credential re-verification (CWE-620), an attacker with existing access can bypass security controls and obtain unauthorized elevated privileges over the device. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-54800 MEDIUM This Month

Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the affected products operate in OT/ICS environments where unauthorized control access carries disproportionate operational and safety risk relative to the moderate CVSS score.

Authentication Bypass Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-54799 HIGH This Week

Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

RCE Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-54798 HIGH This Week

Denial of service in Siemens CPCI85 Central Processing/Communication firmware and SICORE Base System (all versions before V26.20 / V26.20.0) allows an authenticated attacker to crash the device's web process via a leftover debugging interface exposed on HTTP endpoints. The flaw stems from active debug code shipped in production firmware and affects only availability, not data confidentiality or integrity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-27664 HIGH CISA Act Now

Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions below V26.10) allow unauthenticated remote attackers to crash critical industrial control system services through maliciously crafted XML requests, resulting in denial-of-service conditions. CISA's SSVC framework marks this as automatable with partial technical impact, though no public exploit has been identified at time of analysis. The CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network accessibility requiring no authentication (PR:N).

Buffer Overflow Memory Corruption Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-27663 HIGH CISA Act Now

Remote denial-of-service in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base (versions below V26.10) allows adjacent network attackers to exhaust system resources via high-volume requests, forcing device reset or reboot to restore parameterization functionality. No public exploit identified at time of analysis. CVSS 7.1 (High) with adjacent network access vector and no privileges required indicates moderate real-world risk for industrial environments where these RTU and control processing devices operate.

Denial Of Service Cpci85 Central Processing Communication Rtum85 Rtu Base
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH This Week

Privilege escalation in Siemens CPCI85 Central Processing/Communication and SICORE Base System (all versions before V26.20 / V26.20.0) lets an already-authenticated attacker abuse insufficient validation of authentication credentials when modifying administrative accounts through the web API. By exploiting this weak credential re-verification (CWE-620), an attacker with existing access can bypass security controls and obtain unauthorized elevated privileges over the device. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the affected products operate in OT/ICS environments where unauthorized control access carries disproportionate operational and safety risk relative to the moderate CVSS score.

Authentication Bypass Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

RCE Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Denial of service in Siemens CPCI85 Central Processing/Communication firmware and SICORE Base System (all versions before V26.20 / V26.20.0) allows an authenticated attacker to crash the device's web process via a leftover debugging interface exposed on HTTP endpoints. The flaw stems from active debug code shipped in production firmware and affects only availability, not data confidentiality or integrity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Cpci85 Central Processing Communication Sicore Base System
NVD VulDB
EPSS 0% CVSS 8.7
HIGH Act Now

Out-of-bounds write vulnerabilities in Siemens CPCI85 Central Processing/Communication and SICORE Base system (versions below V26.10) allow unauthenticated remote attackers to crash critical industrial control system services through maliciously crafted XML requests, resulting in denial-of-service conditions. CISA's SSVC framework marks this as automatable with partial technical impact, though no public exploit has been identified at time of analysis. The CVSS 4.0 score of 8.7 reflects high availability impact (VA:H) with network accessibility requiring no authentication (PR:N).

Buffer Overflow Memory Corruption Cpci85 Central Processing Communication +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH Act Now

Remote denial-of-service in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base (versions below V26.10) allows adjacent network attackers to exhaust system resources via high-volume requests, forcing device reset or reboot to restore parameterization functionality. No public exploit identified at time of analysis. CVSS 7.1 (High) with adjacent network access vector and no privileges required indicates moderate real-world risk for industrial environments where these RTU and control processing devices operate.

Denial Of Service Cpci85 Central Processing Communication Rtum85 Rtu Base
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy