CVE-2026-54800
MEDIUMSiemens CPCI85 Central Processing/Communication - Initialization of a Resource with an Insecure Default
Title source: ruleDescription
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
References (1)
Core 1
Core References
Scores
CVSS v3
4.8
EPSS
0.0015
EPSS Percentile
4.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1188
Status
published
Products (2)
Siemens/CPCI85 Central Processing/Communication
< V26.20
Siemens/SICORE Base system
< V26.20.0
Published
Jul 09, 2026
Tracked Since
Jul 09, 2026