---
title: "Siemens SICAM 8 Flaws Expose Critical Infrastructure to Cyberattacks"
short_title: "Siemens SICAM 8 vulnerabilities threaten critical systems"
description: "Siemens patches severe vulnerabilities in SICAM 8 products, including DoS and out-of-bounds write flaws. Update now to protect critical infrastructure from exploitation."
author: "Vitus"
date: 2024-10-25
categories: [Cybersecurity, Vulnerabilities]
tags: [siemens, sicam 8, cve-2026-27663, cve-2026-27664, critical-infrastructure]
score: 0.85
cve_ids: [CVE-2026-27663, CVE-2026-27664]
---
## TL;DR
Siemens has released critical security updates for its SICAM 8 products, addressing two severe vulnerabilities—CVE-2026-27663 and CVE-2026-27664—that could lead to denial-of-service (DoS) attacks and system crashes. These flaws affect multiple products deployed in critical infrastructure worldwide. Operators are urged to update to the latest firmware versions immediately to mitigate risks.
---
## Main Content
### Introduction
Siemens has identified and patched two critical vulnerabilities in its SICAM 8 product line, which is widely used in critical infrastructure sectors such as energy and manufacturing. The vulnerabilities, CVE-2026-27663 and CVE-2026-27664, could allow attackers to cause denial-of-service (DoS) conditions or crash affected systems. Given the widespread deployment of these products, Siemens has released firmware updates to address the issues and urges all users to apply them without delay.
---
### Key Points
- Vulnerabilities Identified: Two critical flaws—CVE-2026-27663 (resource exhaustion) and CVE-2026-27664 (out-of-bounds write)—affect multiple SICAM 8 products.
- Impact: Exploitation could lead to DoS conditions, system crashes, or disruption of critical operations in energy and manufacturing sectors.
- Affected Products: Includes SICAM A8000, CP-8031/CP-8050, CP-8010/CP-8012, SICAM EGS, and SICAM S8000 devices.
- Recommended Action: Siemens has released firmware updates (V26.10 or later) to mitigate these vulnerabilities. Users must apply these updates immediately.
- Global Reach: These products are deployed worldwide, particularly in critical manufacturing and energy sectors.
---
### Technical Details
#### CVE-2026-27663: Resource Exhaustion Vulnerability
- Description: The affected applications are vulnerable to a DoS attack due to improper handling of high volumes of requests. An attacker can exploit this flaw by sending multiple requests, exhausting system resources and preventing parameterization.
- CVSS Score: 6.5 (Medium)
- Vector: `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
- Affected Products:
  - CPCI85 Central Processing/Communication (versions < 26.10)
  - RTUM85 RTU Base (versions < 26.10)
- Mitigation: Update to V26.10 or later via the official Siemens support links:
  - [CP-8031/CP-8050 Package V26.10](https://support.industry.siemens.com/cs/ww/en/view/109804985/)
  - [SICAM EGS Package V26.10](https://support.industry.siemens.com/cs/document/109972536/)
- Relevant CWE: [CWE-770: Allocation of Resources Without Limits or Throttling](https://cwe.mitre.org/data/definitions/770.html)
---
#### CVE-2026-27664: Out-of-Bounds Write Vulnerability
- Description: This flaw involves an out-of-bounds write issue triggered by parsing malicious XML inputs. An unauthenticated attacker could exploit this vulnerability to crash the service, resulting in a DoS condition.
- CVSS Score: 7.5 (High)
- Vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
- Affected Products:
  - CPCI85 Central Processing/Communication (versions < 26.10)
  - SICORE Base System (versions < 26.10.0)
- Mitigation: Update to V26.10.0 or later via the official Siemens support links:
  - [CP-8010/CP-8012 Package V26.10](https://support.industry.siemens.com/cs/ww/en/view/109972894/)
  - [SICAM S8000 Package V26.10](https://support.industry.siemens.com/cs/document/109818240)
- Relevant CWE: [CWE-787: Out-of-Bounds Write](https://cwe.mitre.org/data/definitions/787.html)
---
### Impact Assessment
The vulnerabilities pose a significant risk to critical infrastructure sectors, particularly energy and manufacturing, where SICAM 8 products are extensively deployed. Successful exploitation could lead to:
- Disruption of operations due to DoS conditions or system crashes.
- Unauthorized access to sensitive systems, potentially compromising entire networks.
- Regulatory non-compliance for operators failing to secure critical systems.

Given the global deployment of these products, the potential impact is widespread, affecting organizations worldwide.
---
### Mitigation Steps
Siemens has provided the following recommendations to mitigate the risks associated with these vulnerabilities:
1. Apply Firmware Updates:
   - Update all affected products to V26.10 or later using the official Siemens support links provided above.
2. Network Protection:
   - Minimize network exposure for control system devices. Ensure they are not accessible from the internet.
   - Isolate control system networks behind firewalls and segment them from business networks.
3. Secure Remote Access:
   - Use secure methods like Virtual Private Networks (VPNs) for remote access. Ensure VPNs are updated to the latest versions.
4. Follow Operational Guidelines:
   - Adhere to Siemens' operational security guidelines to protect devices in IT environments. Refer to [Siemens Grid Security](https://www.siemens.com/gridsecurity) for best practices.
5. Monitor for Suspicious Activity:
   - Implement continuous monitoring for signs of exploitation or unauthorized access. Report any suspicious activity to CISA or Siemens ProductCERT.
---
### Affected Systems
The following Siemens SICAM 8 products and versions are affected by these vulnerabilities:
| Product | Affected Versions | Vulnerabilities |
|--------------------------------------|-----------------------------|-----------------------------------------|
| CPCI85 Central Processing/Communication | < 26.10 | CVE-2026-27663, CVE-2026-27664 |
| RTUM85 RTU Base | < 26.10 | CVE-2026-27663 |
| SICORE Base System | < 26.10.0 | CVE-2026-27664 |
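
A triage check for the table above, as an added example (not Siemens' or this article's code): it compares firmware versions from an asset inventory with the fixed versions listed and reports which CVEs still apply to each device. The inventory rows and device names are constructed, and the code assumes versions compare numerically field by field.

```python
from itertools import zip_longest

# Component -> (first fixed version, CVEs), copied from the table above.
AFFECTED = {
    "CPCI85": ("26.10", ["CVE-2026-27663", "CVE-2026-27664"]),
    "RTUM85": ("26.10", ["CVE-2026-27663"]),
    "SICORE": ("26.10.0", ["CVE-2026-27664"]),
}

def parse_version(text):
    """Turn 'V26.10' or '26.10.0' into a tuple of ints; ValueError if malformed."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def is_older(installed, fixed):
    """True if installed < fixed; missing fields count as 0, so 26.10 == 26.10.0.

    Assumption: version fields compare numerically (26.9 is older than 26.10).
    """
    pairs = zip_longest(parse_version(installed), parse_version(fixed), fillvalue=0)
    for have, need in pairs:
        if have != need:
            return have < need
    return False

def triage(inventory):
    """Map each (device, component, version) row to its applicable CVEs.

    Result value is a list of CVE ids ([] = patched or component not listed)
    or None when the version string is unparseable and needs manual review.
    """
    result = {}
    for device, component, version in inventory:
        fixed, cves = AFFECTED.get(component.upper(), ("0", []))
        try:
            result[device] = list(cves) if is_older(version, fixed) else []
        except ValueError:
            result[device] = None
    return result

# Constructed inventory: device names and versions are hypothetical.
SAMPLE_INVENTORY = [
    ("rtu-01", "CPCI85", "V25.30"),
    ("rtu-02", "RTUM85", "26.10"),
    ("rtu-03", "SICORE", "26.9.4"),
    ("rtu-04", "SICORE", "26.10"),
    ("rtu-05", "CPCI85", "unknown"),
]

if __name__ == "__main__":
    for device, cves in triage(SAMPLE_INVENTORY).items():
        print(device, "REVIEW" if cves is None else ", ".join(cves) or "ok")
```

Devices reported as `REVIEW` have a version string the check could not parse and should be verified by hand rather than treated as patched.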
---
## Conclusion
The discovery of CVE-2026-27663 and CVE-2026-27664 in Siemens SICAM 8 products underscores the critical importance of proactive cybersecurity measures in protecting infrastructure. Operators must apply the provided firmware updates immediately and follow Siemens' security recommendations to minimize risks. Failure to act could result in disrupted operations, financial losses, and compromised safety in critical sectors.
For further assistance, contact Siemens ProductCERT or visit their [advisory page](https://www.siemens.com/cert/advisories).
---
## References
[^1]: Siemens ProductCERT. "[SSA-246443: Vulnerabilities in SICAM 8 Products](https://support.industry.siemens.com/cs/ww/en/view/109972894/)". Retrieved 2024-10-25.
[^2]: CISA. "[ICSA-26-092-01: Siemens SICAM 8 Products](https://www.cisa.gov/news-events/ics-advisories/icsa-26-092-01)". Retrieved 2024-10-25.
[^3]: MITRE. "[CVE-2026-27663 Detail](https://www.cve.org/CVERecord?id=CVE-2026-27663)". Retrieved 2024-10-25.
[^4]: MITRE. "[CVE-2026-27664 Detail](https://www.cve.org/CVERecord?id=CVE-2026-27664)". Retrieved 2024-10-25.