PatchSiren cyber security CVE debrief
CVE-2026-27663 Siemens CVE debrief
CVE-2026-27663 is a denial-of-service vulnerability in Siemens SICAM 8 products. In the affected remote operation mode, a high volume of requests can exhaust resources, interrupting parameterization and leaving the device or service unavailable until it is reset or rebooted. CISA published the advisory on 2026-03-26 and republished it on 2026-04-02 from Siemens ProductCERT material.
- Vendor
- Siemens
- Product
- CPCI85 Central Processing/Communication
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-26
- Original CVE updated
- 2026-04-02
- Advisory published
- 2026-03-26
- Advisory updated
- 2026-04-02
Who should care
Industrial control system and OT teams running Siemens SICAM 8 deployments, especially those using CPCI85 Central Processing/Communication, RTUM85 RTU Base, or SICORE Base system versions below the fixed releases. Asset owners should pay particular attention if the remote operation mode is reachable or relied upon for ongoing operations.
Technical summary
The source advisory describes a resource exhaustion condition caused by a high volume of requests against the affected application's remote operation mode. The impact is availability-only: parameterization can fail, and restoration may require a reset or reboot. The advisory maps this issue to CVSS 3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and lists remediation to update to V26.10 or later for the affected product packages.
Defensive priority
Medium priority: patch promptly because the issue can disrupt availability and may require reboot-based recovery, but the provided corpus does not indicate known exploitation or KEV listing.
Recommended defensive actions
- Update affected Siemens products to V26.10 or later, following the vendor package guidance listed in the advisory.
- Inventory deployments of CPCI85, RTUM85, and SICORE Base system to confirm which versions are below the fixed releases.
- Review whether remote operation mode is needed and limit exposure of remote management paths where operationally feasible.
- Apply CISA ICS recommended practices and defense-in-depth guidance to reduce the impact of request floods and other availability events.
- Monitor affected systems for unusual request volume, degraded responsiveness, or repeated parameterization failures, and be prepared to perform a controlled reset or reboot if needed.
Evidence notes
The supplied CISA CSAF source states: 'The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.' The source metadata identifies Siemens SICAM 8 products and remediations to V26.10 or later for CPCI85 and RTUM85-related packages, with a related product family entry for SICORE Base system. The corpus also includes the official CVE record, Siemens advisory links, CISA advisory link, and CWE-770 reference for resource allocation issues.
Official resources
-
CVE-2026-27663 CVE record
CVE.org
-
CVE-2026-27663 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2026-03-26 in CISA advisory ICSA-26-092-01, with a CISA republication update on 2026-04-02 based on Siemens ProductCERT advisory SSA-246443.