Out-of-Bounds Write Vulnerability in CPCI85 and SICORE Base System by Siemens
CVE-2026-27664

8.7HIGH

Key Information:

Vendor: Siemens
Status: Cpci85 Central Processing/communication; Sicore Base System
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-27664?

A vulnerability has been identified in Siemens' CPCI85 Central Processing/Communication and SICORE Base System, allowing for an out-of-bounds write condition. This issue arises when parsing specially crafted XML inputs, which can lead to unauthorized access. An attacker could potentially exploit this vulnerability by sending a malicious XML request, causing the affected service to crash and resulting in a denial-of-service situation. Organizations utilizing these systems are advised to take appropriate measures to remediate this vulnerability.

Affected Version(s)

CPCI85 Central Processing/Communication 0

SICORE Base system 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2464...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27664 Data

JSON