Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
Published: 2026-03-10
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability arises from the lack of input length validation in the server component of Siemens SICAM SIAPP SDK. An attacker can send an oversized payload that triggers a stack overflow, potentially crashing the service. This flaw can lead to a denial of service by causing the application to terminate unexpectedly.

Affected Systems

The affected product is Siemens SICAM SIAPP SDK, with all versions prior to V2.1.7 impacted. Administrators should verify if their deployments run a vulnerable version and plan an upgrade accordingly.

Risk and Exploitability

The CVSS base score of 5.9 indicates a moderate risk level, and the EPSS score of less than 1% suggests a very low likelihood of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. The most likely attack vector is remote, as the server component communicates over the network, but this is inferred from the description rather than explicitly stated. Because the vulnerability only leads to service crashes, it represents a denial of service rather than code execution.

Generated by OpenCVE AI on April 17, 2026 at 11:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Siemens SICAM SIAPP SDK version V2.1.7 or later to obtain the fixed stack overflow protection.
  • If upgrading immediately is not feasible, implement custom input size checks on the server component to reject oversized payloads before processing.
  • Monitor application logs for signs of unexpected crashes or stack overflows and apply any available vendor advisories promptly.

Generated by OpenCVE AI on April 17, 2026 at 11:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Unvalidated Length Input Causes Stack Overflow in Siemens SICAM SIAPP SDK

Fri, 13 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:siemens:sicam_siapp_sdk:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens sicam Siapp Sdk
Vendors & Products Siemens
Siemens sicam Siapp Sdk

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
Weaknesses CWE-130
References
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Sicam Siapp Sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-03-10T16:41:09.311Z

Reserved: 2026-02-02T23:19:09.478Z

Link: CVE-2026-25572

cve-icon Vulnrichment

Updated: 2026-03-10T16:37:58.445Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T18:18:37.190

Modified: 2026-03-13T15:37:18.823

Link: CVE-2026-25572

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z

Weaknesses