Siemens SICORE Admin Account Authorization Bypass Vulnerability
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
Quick answer
Siemens SICORE Base system should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- CPCI85 Central Processing/Communication before V26.20
- SICORE Base system before V26.20.0
Fixed versions
- CPCI85 V26.20 or later
- SICORE Base system V26.20.0 or later
How to fix it
Siemens SICORE Base system and CPCI85 are affected by insufficient credential validation during administrative account modifications. Upgrade CPCI85 to V26.20 or later and SICORE Base system to V26.20.0 or later. Because this can allow privilege escalation, review administrative account activity and isolate management access during remediation.
- Inventory CPCI85 Central Processing/Communication and SICORE Base system deployments and record versions.
- Upgrade CPCI85 to V26.20 or later and SICORE Base system to V26.20.0 or later.
- Restrict web API and management access to trusted engineering networks and approved operators only.
- Review administrative account modifications, role changes, and authentication logs for suspicious activity.
- Disable or remove unused administrative accounts and enforce strong authentication controls.
- Rotate privileged credentials if unauthorized account changes are found.
- Back up configuration and validate operational safety controls before and after the update.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm affected Siemens components report the fixed versions.
- Validate administrative account changes require proper authentication and authorization.
- Review web API logs and account audit history for privilege escalation attempts.
- Test approved operator and administrator workflows after the upgrade.
- Run a Fixnx scan and confirm no public SICORE or CPCI85 management interface is exposed.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-54801?
Siemens SICORE Base system versions listed as affected should be reviewed: CPCI85 Central Processing/Communication before V26.20, SICORE Base system before V26.20.0.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
