CVE-2026-54799
Received Received - Intake

Firmware Signature Validation Bypass in CPCI85 Central Processing

Vulnerability report for CVE-2026-54799, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Siemens AG

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
siemens cpci85 to 26.20 (exc)
siemens sicore_base_system to 26.20.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-489 The product is released with debugging code still enabled or active.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the firmware update mechanism of the CPCI85 Central Processing/Communication and SICORE Base system. Specifically, the signature validation process used during firmware updates is flawed. Because of this, an attacker could exploit the vulnerability to install malicious firmware on the affected devices.

Installing malicious firmware can lead to persistent code execution, meaning the attacker’s code remains active on the system even after reboots, resulting in a full system compromise.

Impact Analysis

The impact of this vulnerability is significant because it allows an attacker to gain persistent control over the affected system by installing malicious firmware.

  • Persistent code execution on the device
  • Complete system compromise
  • Potential disruption of device functionality and security

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54799. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart