PatchSiren cyber security CVE debrief

CVE-2026-25571 Siemens CVE debrief

CVE-2026-25571 is a medium-severity issue in Siemens SICAM SIAPP SDK affecting versions before V2.1.7. According to the advisory, the client component does not enforce maximum length checks on certain variables before use, which could let an attacker supply oversized input that triggers a stack overflow, crashes the process, and may result in denial of service. Siemens lists V2.1.7 or later as the fix.

Vendor: Siemens
Product: SICAM SIAPP SDK
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-03-17
Advisory published: 2026-03-10
Advisory updated: 2026-03-17

Who should care

Organizations using Siemens SICAM SIAPP SDK, especially those embedding the client component in industrial or operational technology environments, should review whether any deployed products include affected versions below V2.1.7.

Technical summary

The supplied advisory describes a length-validation weakness in the SICAM SIAPP SDK client component. The stated impact is a stack overflow leading to process crash and availability loss. The provided CVSS v3.1 vector is AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, which aligns with availability-only impact and indicates that exploitation is assessed as higher complexity.

Defensive priority

Medium. The issue is not marked as KEV and the disclosed impact is denial of service rather than code execution, but it can still disrupt affected industrial software components if vulnerable versions remain deployed.

Recommended defensive actions

  • Upgrade Siemens SICAM SIAPP SDK to V2.1.7 or later.
  • Inventory products and integrations that include SICAM SIAPP SDK and confirm whether they use affected versions below V2.1.7.
  • Apply vendor and CISA guidance for industrial control system defensive practices, including segmentation and defense-in-depth controls.
  • Monitor for crashes or abnormal termination in components that rely on the affected SDK client functionality.

Evidence notes

All substantive claims are taken from the supplied CISA CSAF advisory record for ICSA-26-076-04 and its Siemens ProductCERT references. The advisory states the affected product as Siemens SICAM SIAPP SDK vers:intdot/<2.1.7, describes missing maximum length checks, and recommends updating to V2.1.7 or later. Timing context uses the supplied publication date of 2026-03-10 and the republication/revision date of 2026-03-17.

Official resources

Publicly disclosed in the supplied advisory on 2026-03-10, with a CISA republication/update on 2026-03-17. This debrief uses the published and modified dates from the advisory timeline, not generation time.