CVE-2026-25572
Received Received - Intake
Stack Overflow in SICAM SIAPP SDK Server Causes DoS

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: Siemens AG

Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25572
EUVD
EUVD-2026-10527
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
siemens sicam_siapp_sdk to 2.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SICAM SIAPP SDK server component versions earlier than V2.1.7. The issue arises because the server does not enforce maximum length checks on certain variables before using them.

An attacker could exploit this by sending an input that is larger than expected, which may cause a stack overflow. This overflow can crash the process running the server component.

The result of this vulnerability is a potential denial of service condition.

Impact Analysis

The primary impact of this vulnerability is that an attacker can cause the SICAM SIAPP SDK server component to crash by sending oversized inputs.

This crash leads to a denial of service, meaning legitimate users may be unable to access the affected service while it is down.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart