mediumCVE-2026-54800

Siemens SICORE Insecure OPC UA Default Configuration Vulnerability

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

ProductSICORE Base system
CVSS6.3
EPSSNot scored yet
UpdatedJuly 10, 2026

Quick answer

Siemens SICORE Base system should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • CPCI85 Central Processing/Communication before V26.20
  • SICORE Base system before V26.20.0

Fixed versions

  • CPCI85 V26.20 or later
  • SICORE Base system V26.20.0 or later

How to fix it

Siemens SICORE Base system and CPCI85 ship with an insecure OPC UA default configuration before the fixed releases. Upgrade to the vendor fixed versions and explicitly enable secure OPC UA policies. Treat exposed OPC UA services as sensitive industrial-control access paths.

  1. Inventory SICORE Base system and CPCI85 deployments with OPC UA enabled.
  2. Upgrade CPCI85 to V26.20 or later and SICORE Base system to V26.20.0 or later.
  3. Enable OPC UA security mechanisms including certificate validation, encryption, signing, and authenticated access.
  4. Disable anonymous or unauthenticated OPC UA access unless explicitly required and isolated.
  5. Restrict OPC UA endpoints to trusted operational networks and approved clients only.
  6. Review OPC UA connection logs for unauthorized access attempts before remediation.
  7. Rotate OPC UA certificates or credentials if untrusted access may have occurred.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm fixed Siemens versions are installed.
  • Validate OPC UA clients must use approved certificates and secure policies.
  • Check that anonymous or insecure OPC UA endpoints are disabled or isolated.
  • Review OPC UA and network logs for abnormal client access.
  • Run a Fixnx scan and confirm no public OPC UA or SICORE management exposure remains.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-54800?

Siemens SICORE Base system versions listed as affected should be reviewed: CPCI85 Central Processing/Communication before V26.20, SICORE Base system before V26.20.0.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.