Security Risk Category

cpci85-central-processing-communication Security Risks

Published vulnerability pages connected to cpci85-central-processing-communication. One risk can appear in multiple categories while keeping one canonical page.

cpci85-central-processing-communication risks

Showing 4 of 4 published risks.

high

Siemens SICORE Exposed Debug HTTP Endpoint Denial of Service Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.

CVE-2026-54798siemenssicoreindustrial-controlsicore-base-system

Updated Jul 10, 2026

high

Siemens SICORE Firmware Signature Validation Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

CVE-2026-54799siemenssicoreindustrial-controlfirmware

Updated Jul 10, 2026

medium

Siemens SICORE Insecure OPC UA Default Configuration Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

CVE-2026-54800siemenssicoreindustrial-controlopc-ua

Updated Jul 10, 2026

high

Siemens SICORE Admin Account Authorization Bypass Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.

CVE-2026-54801siemenssicoreindustrial-controlsicore-base-system

Updated Jul 10, 2026