Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
Published: 2026-03-10
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Stack Overflow
Action: Apply Patch
AI Analysis

Impact

The SICAM SIAPP SDK does not enforce maximum length checks on certain client variables. An attacker can transmit an oversized input that causes a stack overflow, leading to a process crash and a denial‑of‑service condition. This flaw directly compromises availability without affecting confidentiality or integrity.

Affected Systems

Siemens SICAM SIAPP SDK, versions earlier than 2.1.7. The vulnerability applies to all affected deployments of this SDK component.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate severity. The EPSS score is below 1%, suggesting a very low likelihood of exploitation in the wild. The flaw is not listed in CISA’s KEV catalog, and no active exploit has been reported. The attack vector is likely remote or local client‑side input, inferred from the description that the flaw occurs in the client component when receiving oversized data. An attacker would need to supply the crafted input to trigger the stack overflow, which would then crash the process. Although the exploitation probability is low, immediate patching is still recommended because of the availability impact.

Generated by OpenCVE AI on April 17, 2026 at 11:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to SICAM SIAPP SDK version 2.1.7 or later, which includes the stack‑overflow fix.
  • Apply input validation to all variables that previously lacked maximum length checks, limiting data to safe boundaries.
  • Implement monitoring to detect sudden crashes or memory exhaustion events related to the SDK.
  • If a patch is not available immediately, limit user access to the SDK’s input interfaces and ensure proper permissions to reduce the attack surface.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | | Stack Overflow via Oversized Input in SICAM SIAPP SDK

Fri, 13 Mar 2026 15:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:siemens:sicam_siapp_sdk:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Siemens; Siemens sicam Siapp Sdk
Vendors & Products | | Siemens; Siemens sicam Siapp Sdk

Tue, 10 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
Weaknesses | | CWE-130
References | |
Metrics | | cvssV3_1: {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-03-10T16:41:09.458Z

Reserved: 2026-02-02T23:19:09.478Z

Link: CVE-2026-25571

Vulnrichment

Updated: 2026-03-10T16:38:01.311Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:37.010

Modified: 2026-03-13T15:36:44.620

Link: CVE-2026-25571

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z
