CVE-2026-25605
Improper File Deletion in SICAM SIAPP SDK Causes DoS
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | sicam_siapp_sdk | to 2.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SICAM SIAPP SDK versions prior to V2.1.7. The affected application performs file deletion operations without properly validating the file path or the target of the deletion.
As a result, an attacker who can interact with the affected process could delete files or sockets that the process has permission to remove.
How can this vulnerability impact me? :
The vulnerability can lead to denial of service or service disruption by allowing an attacker to delete critical files or sockets that the affected process has permission to remove.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know