PatchSiren cyber security CVE debrief
CVE-2026-25572 Siemens CVE debrief
CVE-2026-25572 affects Siemens SICAM SIAPP SDK server component versions before 2.1.7. According to CISA’s republished Siemens ProductCERT advisory, the issue is a missing maximum-length check that can let an oversized input trigger a stack overflow, crash the process, and cause denial of service.
- Vendor: Siemens
- Product: SICAM SIAPP SDK
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-17
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-17
Who should care
Organizations that deploy or integrate Siemens SICAM SIAPP SDK, especially operators and maintainers of affected industrial or embedded environments running versions earlier than V2.1.7. Security and engineering teams responsible for availability and patch management should prioritize validation and upgrade planning.
Technical summary
The advisory describes a bounds-checking flaw in the SICAM SIAPP SDK server component: certain variables are used without enforcing maximum length checks first. The reported impact is availability-only, with CVSS 3.1 vector AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H and a base score of 5.1. Remediation is to update to V2.1.7 or later.
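As an added illustration of the defect class the advisory describes (a maximum-length check missing before an input is used), and not the SICAM SIAPP SDK's own code, the hardened handler below rejects an oversized client-supplied field before it is copied into a fixed-size stack buffer. FIELD_MAX, handle_field and accepts_length are names and sizes assumed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Illustrative fixed-size stack buffer for one client-supplied field.
 * FIELD_MAX and the handler below are assumptions for this example,
 * not the SICAM SIAPP SDK's own code. */
#define FIELD_MAX 32

enum handle_result { HANDLE_OK = 0, HANDLE_TOO_LONG = 1, HANDLE_BAD_ARG = 2 };

/* Hardened handler: the maximum length is enforced before the input is
 * used. 'len' comes from the transport and must not be assumed to fit
 * FIELD_MAX; an oversized input is rejected instead of being copied
 * into the stack buffer, so the process keeps running. */
enum handle_result handle_field(const char *input, size_t len)
{
    char field[FIELD_MAX];

    if (input == NULL)
        return HANDLE_BAD_ARG;

    /* The advisory describes the absence of a check of this kind:
     * without it, len bytes land in a FIELD_MAX-byte buffer. One byte
     * is reserved for the terminator, so len must be strictly smaller. */
    if (len >= sizeof field)
        return HANDLE_TOO_LONG;

    memcpy(field, input, len);
    field[len] = '\0';
    /* ... normal processing of 'field' would follow here ... */
    return HANDLE_OK;
}

/* Test helper: builds a constructed input of n bytes ('A' repeated)
 * and reports 1 if the handler accepted it, 0 if it was rejected,
 * -1 if n is too large for the scratch buffer. */
int accepts_length(size_t n)
{
    char scratch[256];

    if (n >= sizeof scratch)
        return -1;
    memset(scratch, 'A', n);
    return handle_field(scratch, n) == HANDLE_OK ? 1 : 0;
}
```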
Defensive priority
Medium. The issue is limited to availability impact and has high attack complexity, but it can still interrupt a server process in environments where uptime matters. Prioritize patching any exposed or operationally critical deployments before routine maintenance windows.
Recommended defensive actions
- Upgrade Siemens SICAM SIAPP SDK to V2.1.7 or later.
- Inventory deployments to identify any affected versions earlier than 2.1.7.
- Treat unexpected process crashes in the SDK server component as a potential indicator of exploitation or malformed input handling issues.
- Apply industrial-control-system defensive practices from CISA and Siemens guidance while planning the update.
- Validate the fix in a controlled environment before production rollout, especially for operational technology deployments.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory record ICSA-26-076-04, which republishes Siemens ProductCERT advisory SSA-903736, and the associated Siemens and CISA reference links. The source states the affected product as Siemens SICAM SIAPP SDK versions < 2.1.7 and describes the impact as stack overflow leading to process crash and potential denial of service. Timing reflects the CVE and source publication date of 2026-03-10, with a source republication update on 2026-03-17.
Official resources
- CVE-2026-25572 CVE record (CVE.org)
- CVE-2026-25572 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published by CISA on 2026-03-10 as ICSA-26-076-04 and republished from Siemens ProductCERT advisory SSA-903736 on 2026-03-17. This is a vendor-disclosed issue with an available fix.