Security Risk Category

industrial-control Security Risks

Published vulnerability pages connected to industrial-control. One risk can appear in multiple categories while keeping one canonical page.

industrial-control risks

Showing 5 of 5 published risks.

lowEPSS 0.003

Snap7 ReadVar Request Handler Stack Buffer Overflow Vulnerability

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-15105snap7s7industrial-controlot-security

Updated Jul 10, 2026

high

Siemens SICORE Exposed Debug HTTP Endpoint Denial of Service Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.

CVE-2026-54798siemenssicoreindustrial-controlsicore-base-system

Updated Jul 10, 2026

high

Siemens SICORE Firmware Signature Validation Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

CVE-2026-54799siemenssicoreindustrial-controlfirmware

Updated Jul 10, 2026

medium

Siemens SICORE Insecure OPC UA Default Configuration Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

CVE-2026-54800siemenssicoreindustrial-controlopc-ua

Updated Jul 10, 2026

high

Siemens SICORE Admin Account Authorization Bypass Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.

CVE-2026-54801siemenssicoreindustrial-controlsicore-base-system

Updated Jul 10, 2026