CVE-2026-54799
MEDIUMSiemens CPCI85 Central Processing/Communication - Active Debug Code
Title source: ruleDescription
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.
References (1)
Core 1
Core References
Scores
CVSS v3
6.7
EPSS
0.0013
EPSS Percentile
2.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-489
Status
published
Products (2)
Siemens/CPCI85 Central Processing/Communication
< V26.20
Siemens/SICORE Base system
< V26.20.0
Published
Jul 09, 2026
Tracked Since
Jul 09, 2026