Security Risk Category
siemens Security Risks
Published vulnerability pages connected to siemens. One risk can appear in multiple categories while keeping one canonical page.
siemens risks
Showing 4 of 4 published risks.
Siemens SICORE Exposed Debug HTTP Endpoint Denial of Service Vulnerability
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.
Updated Jul 10, 2026
Siemens SICORE Firmware Signature Validation Vulnerability
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.
Updated Jul 10, 2026
Siemens SICORE Insecure OPC UA Default Configuration Vulnerability
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
Updated Jul 10, 2026
Siemens SICORE Admin Account Authorization Bypass Vulnerability
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
Updated Jul 10, 2026
