CVE-2026-27664
Received Received - Intake
Out-of-Bounds Write in CPCI85 and SICORE Causes DoS

Publication date: 2026-03-26

Last updated on: 2026-04-14

Assigner: Siemens AG

Description
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27664
EUVD
EUVD-2026-16181
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
siemens cpci85 to 26.10 (exc)
siemens sicore_base_system to 26.10.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the CPCI85 Central Processing/Communication and SICORE Base system software versions prior to V26.10 and V26.10.0 respectively. It is caused by an out-of-bounds write error when the software parses specially crafted XML inputs.

An unauthenticated attacker can exploit this vulnerability by sending a malicious XML request to the affected system.

Exploitation may cause the service to crash, leading to a denial-of-service (DoS) condition.

Impact Analysis

The primary impact of this vulnerability is a denial-of-service condition caused by the service crashing when processing malicious XML inputs.

Since the vulnerability can be exploited remotely without authentication, it poses a risk of service disruption.

There is no direct impact on confidentiality or integrity, but availability of the affected service is compromised.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27664. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart