CVE-2026-25571

5.1 MEDIUM

📋 TL;DR

A stack overflow vulnerability in SICAM SIAPP SDK allows attackers to send oversized inputs that crash the process, causing denial of service. This affects all versions before V2.1.7 of the SDK client component. Organizations using SICAM products with this SDK are vulnerable.

💻 Affected Systems

Products:
  • SICAM SIAPP SDK
Versions: All versions < V2.1.7
Operating Systems: Not specified in CVE, but typically Windows-based for Siemens industrial products
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the client component of the SDK. Specific SICAM products using this SDK may vary.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for affected systems, potentially disrupting industrial operations that rely on SICAM products.

🟠 Likely Case

Service disruption through process crashes requiring manual restart of affected components.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation controls in place.

🌐 Internet-Facing: MEDIUM - While the vulnerability exists, industrial control systems typically shouldn't be directly internet-facing.
🏢 Internal Only: HIGH - Internal attackers or compromised systems could exploit this to disrupt operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests straightforward exploitation: sending oversized inputs triggers a stack overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2.1.7

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-903736.html

Restart Required: Yes

Instructions:

1. Download SICAM SIAPP SDK V2.1.7 from Siemens official sources.
2. Back up the current configuration.
3. Install the update following Siemens documentation.
4. Restart affected systems.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate SICAM systems from untrusted networks to prevent exploitation attempts.

Input Validation (all)

Implement additional input validation at network perimeter devices.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with SICAM systems
  • Monitor for abnormal traffic patterns or repeated connection attempts to SICAM services

🔍 How to Verify

Check if Vulnerable:

Check the SDK version installed. If version is below V2.1.7, the system is vulnerable.

Check Version:

Check Siemens documentation for specific version checking commands for your SICAM product.

Verify Fix Applied:

Confirm SDK version is V2.1.7 or higher and test system functionality.

📡 Detection & Monitoring

Log Indicators:

  • Process crashes of SICAM components
  • Abnormal termination logs
  • Memory violation errors

Network Indicators:

  • Unusually large data packets sent to SICAM services
  • Repeated connection attempts to SICAM ports

SIEM Query:

source="SICAM" AND (event_type="crash" OR event_type="memory_violation")
