CVE-2026-25571
Received Received - Intake
Stack Overflow in SICAM SIAPP SDK Client Causes DoS

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: Siemens AG

Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25571
EUVD
EUVD-2026-10526
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
siemens sicam_siapp_sdk to 2.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SICAM SIAPP SDK client component versions prior to V2.1.7. The issue is that the software does not enforce maximum length checks on certain variables before using them. As a result, an attacker can send input that is larger than expected, which can cause a stack overflow.

A stack overflow can crash the process running the SDK client component, potentially leading to denial of service.

Impact Analysis

The primary impact of this vulnerability is that an attacker could cause the affected process to crash by sending oversized input, resulting in a denial of service condition.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25571. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart