PatchSiren cyber security CVE debrief
CVE-2026-27664 Siemens CVE debrief
CVE-2026-27664 is a network-exploitable Siemens vulnerability in SICAM 8 products that can be triggered by specially crafted XML input. The issue is an out-of-bounds write that may crash the affected service, creating a denial-of-service condition. Siemens and CISA list fixed releases for the affected CPCI85 and SICORE components.
- Vendor: Siemens
- Product: CPCI85 Central Processing/Communication
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-26
- Original CVE updated: 2026-04-02
- Advisory published: 2026-03-26
- Advisory updated: 2026-04-02
Who should care
Operators and maintainers of Siemens SICAM 8 environments, especially sites using CPCI85 Central Processing/Communication or SICORE Base system firmware below the fixed versions. ICS defenders responsible for availability, patching, and network exposure of these systems should prioritize review.
Technical summary
The supplied advisory corpus describes an out-of-bounds write while parsing specially crafted XML inputs. The attack vector is network-based and requires no privileges or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a remotely reachable availability-impacting flaw. The source advisory maps the issue to Siemens CPCI85 Central Processing/Communication versions before V26.10 and SICORE Base system versions before V26.10.0. The documented impact is service crash/denial of service; no confidentiality or integrity impact is indicated in the provided material.
Defensive priority
High. The vulnerability is remotely reachable, unauthenticated, and rated CVSS 7.5 with availability impact, so exposed ICS deployments should be reviewed and patched promptly.
Recommended defensive actions
- Update CPCI85 Central Processing/Communication to V26.10 or later.
- Update SICORE Base system to V26.10.0 or later.
- Verify whether your installed firmware is delivered through CP-8031/CP-8050 Package V26.10, SICAM EGS Package V26.10, CP-8010/CP-8012 Package V26.10, or SICAM S8000 Package V26.10 as listed in the advisory.
- Restrict network exposure of the affected XML-facing services: place the devices in a dedicated ICS network segment behind a firewall, limit the peers that may reach them, and apply the defense-in-depth practices referenced in the CISA advisory.
- Until patched, monitor for unexpected service restarts, crashes, or abnormal XML parsing failures on the affected Siemens devices; a repeated crash of the XML-handling service on a reachable device is the observable effect of this flaw.
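The first three actions reduce to one check: is each device's installed firmware below the fixed release for its product line? The following added example (written for this debrief, not Siemens or CISA tooling) encodes the two fixed versions from the advisory and triages a constructed inventory. The host names and the inventory format are hypothetical; the fixed-version strings are the advisory's. Note the two traps the code avoids: comparing version strings lexically ("V26.9" sorts after "V26.10" as text) and comparing tuples of unequal length ("V26.10" would sort below "V26.10.0" in Python without padding).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Fixed releases named in CISA ICSA-26-092-01 / Siemens SSA-246443.
FIXED_VERSIONS = {
    "CPCI85 Central Processing/Communication": "V26.10",
    "SICORE Base system": "V26.10.0",
}

VERSION_RE = re.compile(r"V?(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple:
    """Turn 'V26.9.3' / '26.10' into an integer tuple so comparisons are numeric."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(a: tuple, b: tuple) -> tuple:
    """Right-pad both tuples with zeros so V26.10 compares equal to V26.10.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(product: str, installed: str) -> Optional[bool]:
    """True if installed < fixed release, False if at/above it, None if the product
    is not covered by this advisory."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    inst, fix = _pad(parse_version(installed), parse_version(fixed))
    return inst < fix


@dataclass
class Device:
    host: str
    product: str
    version: str


# Constructed sample inventory (hypothetical hosts; not real data).
INVENTORY = [
    Device("rtu-sub01", "CPCI85 Central Processing/Communication", "V26.9.3"),
    Device("rtu-sub02", "CPCI85 Central Processing/Communication", "V26.10"),
    Device("gw-sub01", "SICORE Base system", "V26.10"),
    Device("gw-sub02", "SICORE Base system", "V26.10.1"),
    Device("gw-sub03", "SICORE Base system", "V25.20.4"),
    Device("hmi-01", "Some other product", "V3.1"),
]


def triage(inventory):
    """Return {host: 'AFFECTED' | 'FIXED' | 'NOT_IN_SCOPE'} for an inventory."""
    result = {}
    for dev in inventory:
        state = is_affected(dev.product, dev.version)
        result[dev.host] = (
            "NOT_IN_SCOPE" if state is None else "AFFECTED" if state else "FIXED"
        )
    return result


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10s} {status}")
```

In a real deployment the version strings would come from the device's web interface or configuration export; confirm the exact format your devices report before relying on the regular expression above, and treat the package bundles listed in the advisory (CP-8031/CP-8050, SICAM EGS, CP-8010/CP-8012, SICAM S8000) as the delivery vehicle for the V26.10 firmware rather than as separate version numbers.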
Evidence notes
The source corpus is CISA ICSA-26-092-01, republished from Siemens ProductCERT advisory SSA-246443. It states that the affected application contains an out-of-bounds write while parsing specially crafted XML inputs and that an unauthenticated attacker can send a malicious XML request causing a service crash and denial of service. The advisory maps affected products to Siemens CPCI85 Central Processing/Communication versions < V26.10 and SICORE Base system versions < V26.10.0, with remediation to V26.10 or later and V26.10.0 or later respectively. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Official resources
- CVE-2026-27664 CVE record (CVE.org)
- CVE-2026-27664 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (CISA ICSA-26-092-01 and Siemens ProductCERT SSA-246443)
CISA published ICSA-26-092-01 on 2026-03-26 and issued its republication on 2026-04-02, based on Siemens ProductCERT advisory SSA-246443. The CVE publication date used here, 2026-03-26, matches the supplied source timeline.