CVE-2026-54801

HIGH

Siemens CPCI85 Central Processing/Communication - Unverified Password Change

Title source: rule
STIX 2.1

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.

Scores

CVSS v3 7.2
EPSS 0.0034
EPSS Percentile 26.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-620
Status published
Products (2)
Siemens/CPCI85 Central Processing/Communication < V26.20
Siemens/SICORE Base system < V26.20.0
Published Jul 09, 2026
Tracked Since Jul 09, 2026