VYPR
High severity 7.5 · NVD Advisory · Published Mar 26, 2026 · Updated Apr 14, 2026

CVE-2026-27664


Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds write vulnerability in Siemens SICAM A8000 devices allows unauthenticated attackers to cause denial of service via crafted XML input.

Vulnerability

Overview

An out-of-bounds write vulnerability exists in the CPCI85 Central Processing/Communication and SICORE Base system components of Siemens SICAM A8000 devices (CP-8031, CP-8050, CP-8010, CP-8012) when parsing specially crafted XML inputs [1][2]. The flaw stems from insufficient bounds checking during XML processing, allowing an attacker to write data beyond allocated memory boundaries.

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a malicious XML request to the affected service over the network [1]. No authentication or prior access is required, making the attack surface accessible to any network entity that can reach the device. The vulnerability affects all firmware versions prior to V26.10 [1][2].

Impact

Successful exploitation causes the service to crash, resulting in a denial-of-service condition [2]. Given the use of these devices in critical power grid infrastructure, a sustained denial of service could disrupt monitoring and control functions. The CVSS v3.1 base score is 7.5 (High), and the CVSS v4.0 score is 8.7 (High) [2].

Mitigation

Siemens has released firmware version V26.10 to address this vulnerability [1][2]. Users are strongly advised to update affected devices to the latest version. No workarounds are documented; the vendor recommends following general security practices for critical infrastructure systems [2].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2


References

2
