CVE-2026-27664

HIGH

Siemens Cpci85 Central Processing/communication < V26.10 - Out-of-Bounds Access

Title source: rule

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-246443.html

[Mailing List] http://seclists.org/fulldisclosure/2026/Apr/7

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 17.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (2)

Siemens/CPCI85 Central Processing/Communication < V26.10

Siemens/SICORE Base system < V26.10.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026