IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SSA-229470: Multiple Vulnerabilities in SICAM 8 Products Before V26.20

HIGH
CVSS 7.2
Date 2026-07-09T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: - SICAM A8000 Device firmware - CPCI85 for CP-8031/CP-8050 - SICORE for CP-8010/CP-8012 - SICAM EGS Device firmware - CPCI85 - SICAM S8000 - SICORE Siemens has released new versions for the affected products and recommends to update to the latest versions.

// Vulnerabilities (4)

CVE ID CVSS Score Severity Description
CVE-2026-54800 4.8 medium
CVE-2026-54800. The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
CVE-2026-54798 6.5 medium
CVE-2026-54798. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.
CVE-2026-54801 7.2 high
CVE-2026-54801. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
CVE-2026-54799 6.7 medium
CVE-2026-54799. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

// Remediations (2)

Patch: Update to V26.20 or later version The firmware CPCI85 V26.20 is present within “CP-8031/CP-8050 Pa
Update to V26.20 or later version The firmware CPCI85 V26.20 is present within “CP-8031/CP-8050 Package” V26.20 https://support.industry.siemens.com/cs/ww/en/view/109804985/ and also within “SICAM EGS Package” V26.20 https://support.industry.siemens.com/cs/document/109972536/
Patch: Update to V26.20.0 or later version The firmware SICORE V26.20.0 is present within “CP-8010/CP-801
Update to V26.20.0 or later version The firmware SICORE V26.20.0 is present within “CP-8010/CP-8012 Package” V26.20 https://support.industry.siemens.com/cs/ww/en/view/109972894/ and also within “SICAM S8000 Package” V26.20 https://support.industry.siemens.com/cs/document/109818240

// References