Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.
Published: 2026-03-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds write flaw exists in the Siemens SICAM SIAPP SDK. The issue allows data to be written beyond the intended buffer boundaries, which can result in a denial of service or, in worst cases, arbitrary code execution. The vulnerability is a classic example of memory corruption as identified by CWE-787.

Affected Systems

Siemens SICAM SIAPP SDK versions earlier than V2.1.7 are affected. The flaw is present in all releases prior to that version.

Risk and Exploitability

The CVSS v4.0 score of 7.5 rates this vulnerability as High severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The published CVSS vectors specify a local attack vector (AV:L) and high attack complexity (AC:H), with no privileges or user interaction required. Based on the description, the likely attack vector depends on how the SDK is exposed: if it can be called remotely, an attacker could trigger the overflow via crafted input; if the SDK is only locally accessible, the risk is reduced but the impact remains severe.

Generated by OpenCVE AI on April 16, 2026 at 09:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SIAPP SDK to version V2.1.7 or later where the out-of-bounds write is fixed.
  • If an upgrade is not immediately possible, isolate systems running the SDK behind network segmentation or firewalls to limit external access.
  • Continuously monitor system logs and error reports for abnormal crashes or memory corruption signs that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Siemens SICAM SIAPP SDK Could Lead to Denial of Service or Arbitrary Code Execution

Fri, 13 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:siemens:sicam_siapp_sdk:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens sicam Siapp Sdk
Vendors & Products Siemens
Siemens sicam Siapp Sdk

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-03-10T16:41:09.739Z

Reserved: 2026-02-02T23:18:16.779Z

Link: CVE-2026-25569

Vulnrichment

Updated: 2026-03-10T16:38:06.716Z

NVD

Status : Analyzed

Published: 2026-03-10T18:18:36.643

Modified: 2026-03-13T15:35:54.340

Link: CVE-2026-25569

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:00:14Z

Weaknesses