CVE-2026-54800

MEDIUM

Siemens CPCI85 Central Processing/Communication - Initialization of a Resource with an Insecure Default

Title source: rule
STIX 2.1

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

Scores

CVSS v3 4.8
EPSS 0.0015
EPSS Percentile 4.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1188
Status published
Products (2)
Siemens/CPCI85 Central Processing/Communication < V26.20
Siemens/SICORE Base system < V26.20.0
Published Jul 09, 2026
Tracked Since Jul 09, 2026