CVE-2026-25569
The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploitation of the simulation environment. These vulnerabilities are only exploitable if the API is used improperly or hardening measures are not applied. Siemens has released a new version of SICAM SIAPP SDK and recommends updating to the latest version.
The following versions of Siemens SICAM SIAPP SDK are affected:
- SICAM SIAPP SDK vers:intdot/
- CVSS v3: 7.4
- Vendor: Siemens
- Equipment: Siemens SICAM SIAPP SDK
- Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency, External Control of File Name or Path
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
EPSS 0.02% · 5.3th percentile
Risk Scores
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-452276.html (circl)
- CIRCL seen: CVE-2025-40943 (circl-sighting)
- CIRCL seen: CVE-2026-25569 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-903736.html (circl)
Timeline
- Mar 10, 2026 CVE Published
- Mar 10, 2026 PoC Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 12, 2026 PoC Published
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Security Advisory
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-04 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-076-04.json advisory
- https://www.cve.org/CVERecord?id=CVE-2026-25569 technical
- https://cwe.mitre.org/data/definitions/787.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2026-25570 technical
- https://cwe.mitre.org/data/definitions/121.html technical
- https://www.cve.org/CVERecord?id=CVE-2026-25571 technical
- https://cwe.mitre.org/data/definitions/130.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2026-25572 technical
- https://www.cve.org/CVERecord?id=CVE-2026-25573 technical
- https://cwe.mitre.org/data/definitions/73.html technical
- https://www.cve.org/CVERecord?id=CVE-2026-25605 technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H technical