CP
cyberpings
VulnerabilitiesHIGH

Siemens SICAM 8 Products - Multiple Vulnerabilities Found

CICISA Advisories
CVE-2026-27663CVE-2026-27664SiemensSICAM 8Industrial Control Systems
🎯

Basically, Siemens found security flaws in their products that could cause them to stop working.

Quick Summary

Siemens has discovered multiple vulnerabilities in SICAM 8 products that could disrupt services. Users are urged to update their firmware to the latest versions to enhance security and maintain functionality. This is crucial for operators in critical manufacturing sectors.

What Happened

Siemens has identified multiple vulnerabilities affecting its SICAM 8 product line. These vulnerabilities could lead to denial of service (DoS) conditions, impacting the functionality of critical infrastructure systems. The affected products include various firmware versions of SICAM A8000, CPCI85, SICORE, and RTUM85.

Who's Affected

The vulnerabilities impact users of Siemens SICAM 8 products, particularly those in the critical manufacturing sector. This includes operators of critical power systems worldwide who rely on these devices for essential services.

What Data Was Exposed

While no sensitive data was directly exposed, the vulnerabilities could result in system downtime and operational disruptions. The specific vulnerabilities include:

  • CVE-2026-27663: A resource exhaustion vulnerability that can lead to service crashes when subjected to high request volumes.
  • CVE-2026-27664: An out-of-bounds write vulnerability that can be exploited by sending malicious XML requests, potentially causing the service to crash.

What You Should Do

Siemens strongly recommends that users update their affected products to version 26.10 or later. This update addresses the identified vulnerabilities. Here are the steps to take:

  • Check the current firmware version of your SICAM 8 products.
  • Update to the latest firmware versions available on Siemens’ support site.
  • Validate the updates in a controlled environment before widespread deployment.

Additionally, operators should implement security best practices such as:

  • Protecting network access with firewalls and VPNs.
  • Ensuring that control systems are not directly accessible from the internet.
  • Regularly reviewing and updating security measures in line with industry standards.

Conclusion

The vulnerabilities in Siemens SICAM 8 products highlight the importance of maintaining updated firmware in industrial control systems. By following Siemens' recommendations and implementing robust security practices, organizations can mitigate the risks associated with these vulnerabilities and ensure the reliability of their critical infrastructure.

🔒 Pro insight: The identified vulnerabilities underscore the need for proactive firmware management in industrial control systems to prevent potential exploitation.

Original article from

CICISA Advisories· CISA
Read Full Article

Share

Related Pings

CRITICALVulnerabilities

CVE-2025-55182 - Hackers Breach 766 Next.js Hosts

Hackers have exploited a critical vulnerability in Next.js, breaching 766 hosts and stealing sensitive credentials. Organizations must take swift action to mitigate risks and secure their systems.

The Hacker News·
HIGHVulnerabilities

OpenSSH Vulnerabilities - Security Advisory Released

OpenSSH has issued a security advisory for vulnerabilities in versions prior to 10.3. Users need to update to the latest version to protect their systems. This advisory highlights critical risks that could lead to unauthorized access. Stay secure by applying the necessary updates.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Progress ShareFile - Security Vulnerability Advisory Released

Progress has issued a security advisory for ShareFile vulnerabilities. Users must update to versions v5.12.4 or later to protect their data. This is crucial for maintaining security.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Mongoose Vulnerabilities - Cesanta Issues Security Advisory

Cesanta has issued a security advisory for Mongoose, affecting versions 7.0 to 7.20. Users must update to safeguard against vulnerabilities. Don't wait—protect your systems now!

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has patched critical vulnerabilities that could allow attackers to bypass authentication and gain system access. Organizations using Cisco products are urged to update immediately to avoid risks.

Security Affairs·
CRITICALVulnerabilities

Critical Vulnerability Found in Claude Code After Source Leak

A critical vulnerability in Claude Code was discovered shortly after its source code leak. This flaw could allow attackers to bypass security measures and steal sensitive credentials, posing a significant risk. Developers must act quickly to protect their systems.

SecurityWeek·