CVE-2026-27664
Out-of-Bounds Write in CPCI85 and SICORE Causes DoS
Publication date: 2026-03-26
Last updated on: 2026-04-14
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | cpci85 | to 26.10 (exc) |
| siemens | sicore_base_system | to 26.10.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the CPCI85 Central Processing/Communication and SICORE Base system software versions prior to V26.10 and V26.10.0 respectively. It is caused by an out-of-bounds write error when the software parses specially crafted XML inputs.
An unauthenticated attacker can exploit this vulnerability by sending a malicious XML request to the affected system.
Exploitation may cause the service to crash, leading to a denial-of-service (DoS) condition.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial-of-service condition caused by the service crashing when processing malicious XML inputs.
Since the vulnerability can be exploited remotely without authentication, it poses a risk of service disruption.
There is no direct impact on confidentiality or integrity, but availability of the affected service is compromised.