CVE-2026-25572
Received Received - Intake

Stack Overflow in SICAM SIAPP SDK Server Causes DoS

Vulnerability report for CVE-2026-25572, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-10

Last updated on: 2026-03-13

Assigner: Siemens AG

Description

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-10
Last Modified
2026-03-13
Generated
2026-07-06
AI Q&A
2026-03-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
siemens sicam_siapp_sdk to 2.17 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the SICAM SIAPP SDK server component versions earlier than V2.1.7. The issue arises because the server does not enforce maximum length checks on certain variables before using them.

An attacker could exploit this by sending an input that is larger than expected, which may cause a stack overflow. This overflow can crash the process running the server component.

The result of this vulnerability is a potential denial of service condition.

Impact Analysis

The primary impact of this vulnerability is that an attacker can cause the SICAM SIAPP SDK server component to crash by sending oversized inputs.

This crash leads to a denial of service, meaning legitimate users may be unable to access the affected service while it is down.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart