CVE-2026-27663

MEDIUM

Siemens Cpci85 Central Processing/communication < V26.10 - Denial of Service

Title source: rule

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-246443.html

[Mailing List] http://seclists.org/fulldisclosure/2026/Apr/6

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (2)

Siemens/CPCI85 Central Processing/Communication < V26.10

Siemens/RTUM85 RTU Base < V26.10

Published Mar 26, 2026

Tracked Since Mar 26, 2026