CVE-2026-54799

MEDIUM

Siemens CPCI85 Central Processing/Communication - Active Debug Code

Title source: rule
STIX 2.1

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

Scores

CVSS v3 6.7
EPSS 0.0013
EPSS Percentile 2.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-489
Status published
Products (2)
Siemens/CPCI85 Central Processing/Communication < V26.20
Siemens/SICORE Base system < V26.20.0
Published Jul 09, 2026
Tracked Since Jul 09, 2026