Full Report
Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICORE for CP-8010/CP-8012 RTUM85 for CP-8010/CP-8012 SICAM EGS Device firmware CPCI85 SICAM S8000 SICORE RTUM85 Siemens has released new versions for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Multiple Denial of Service Flaws in Siemens SICAM 8 Products
## CVE Details
**Vulnerability 1**
- **CVE ID:** CVE-2026-27664
- **CVSS Score:** 7.5 (High) / 8.7 (CVSS v4.0)
- **CWE:** CWE-787: Out-of-bounds Write
**Vulnerability 2**
- **CVE ID:** CVE-2026-27663
- **CVSS Score:** 6.5 (Medium) / 7.1 (CVSS v4.0)
- **CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
## Affected Systems
- **Products:**
- SICAM A8000 (CP-8031, CP-8050, CP-8010, CP-8012)
- SICAM EGS (Enhanced Grid Sensor)
- SICAM S8000
- **Versions:**
- **CPCI85 Firmware:** All versions < V26.10
- **RTUM85 Firmware:** All versions < V26.10
- **SICORE Firmware:** All versions < V26.10.0
- **Configurations:** Systems utilizing remote operation modes or XML-based input parsing.
## Vulnerability Description
- **CVE-2026-27664:** An out-of-bounds write vulnerability exists in the parsing of XML inputs. An unauthenticated attacker can send a specially crafted XML request to crash the service.
- **CVE-2026-27663:** A resource exhaustion flaw in the remote operation mode. A high volume of requests can exhaust system resources, preventing parameterization and requiring a physical reset or reboot to restore services.
## Exploitation
- **Status:** Coordinated disclosure; no reports of exploitation in the wild at this time.
- **Complexity:** Low
- **Attack Vector:**
- **CVE-2026-27664:** Network (Remote)
- **CVE-2026-27663:** Adjacent (Local Network)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (Results in service crash or device lock-up requiring a manual reboot)
## Remediation
### Patches
Siemens recommends updating to the following firmware versions or later:
- **CP-8031/CP-8050 & SICAM EGS:** CPCI85 Firmware V26.10 (contained in Package V26.10)
- **CP-8010/CP-8012 & SICAM S8000:**
- RTUM85 Firmware V26.10
- SICORE Firmware V26.10.0
### Workarounds
- Restrict network access to affected devices using firewalls and VLAN segmentation.
- Disable unused remote operation modes or services if not required for operation.
- Use VPNs for any required remote technical access.
## Detection
- **Indicators of Compromise:** Unexpected device reboots, inability to access the parameterization interface, or service crashes following unusual XML traffic.
- **Detection methods:** Monitor network traffic for high-volume request bursts (flood attacks) and validate XML traffic against known schemas for anomalies.
## References
- **Vendor Advisory:** [https://cert-portal.siemens.com/productcert/pdf/ssa-246443.pdf]
- **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories
- **Grid Security Guidelines:** hxxps://www[.]siemens[.]com/gridsecurity