Description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.
Published: 2026-03-10
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via unauthorized file deletion
Action: Patch Now
AI Analysis

Impact

The SICAM SIAPP SDK deletes files or sockets without validating the file path or target. An attacker who can influence the deletion operation may remove any file or socket that the process is permitted to delete, leading to denial of service or service disruption. This vulnerability maps to CWE-73 (External Control of File Name or Path): improper validation of a path leads to unintended file operations.

Affected Systems

Siemens SICAM SIAPP SDK, all versions earlier than 2.1.7.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. EPSS is below 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, and no remote exploitation vectors are disclosed. Exploitation likely requires the attacker to run code on the target system or to supply input to the SDK there, making it a local or privilege‑elevated threat. The impact is limited to files and sockets that the SDK process can delete, but removal of critical files could interrupt the services that depend on them.

Generated by OpenCVE AI on April 17, 2026 at 11:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SDK to version 2.1.7 or later, adding proper path validation that mitigates the CWE‑73 weakness.
  • Implement strict file‑path validation in the SDK usage, allowing only whitelisted directories to be targeted, to address the CWE‑73 improper path validation.
  • If an immediate upgrade is not feasible, run the SDK with the least privilege necessary so that even if a deletion request is processed, it cannot remove critical system files, thereby limiting the impact of the CWE‑73 flaw.
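The path validation recommended above can look like the following for a POSIX process. This is an added example, not code from the SICAM SIAPP SDK or from Siemens. The names `safe_delete`, `allowed_dir` and `demo` are hypothetical, and the files under /tmp are a constructed fixture.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Delete `name` only if it is a regular file or socket directly inside
 * `allowed_dir`. Both parameter names are hypothetical, not SDK API. */
int safe_delete(const char *allowed_dir, const char *name)
{
    struct stat st;
    /* Accept a bare file name only: no separators, no "." or "..". */
    if (!name || !*name || strchr(name, '/') ||
        !strcmp(name, ".") || !strcmp(name, ".."))
        return -1;
    /* Pin the directory; later calls resolve relative to this fd. */
    int dfd = open(allowed_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    int rc = fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW);
    if (rc == 0 && !S_ISREG(st.st_mode) && !S_ISSOCK(st.st_mode))
        rc = -1;                /* symlink, directory, device, ... */
    if (rc == 0)
        rc = unlinkat(dfd, name, 0);
    close(dfd);
    return rc;
}

/* Constructed fixture: returns 1 if every case behaves as expected. */
int demo(void)
{
    char dir[] = "/tmp/siapp_demo_XXXXXX", path[64], lnk[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(path, sizeof path, "%s/state.tmp", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    if (symlink(path, lnk) != 0) return 0;
    int ok = safe_delete(dir, "../etc/passwd") == -1   /* traversal   */
          && safe_delete(dir, "/etc/passwd") == -1     /* absolute    */
          && safe_delete(dir, "..") == -1              /* parent dir  */
          && safe_delete(dir, "lnk") == -1             /* symlink     */
          && safe_delete(dir, "state.tmp") == 0        /* allowed     */
          && access(path, F_OK) == -1;                 /* really gone */
    unlink(lnk);
    rmdir(dir);
    return ok;
}
```

Because the check and the unlink both go through the pinned directory descriptor, a swapped parent path or a symlinked entry cannot redirect the deletion outside `allowed_dir`.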

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 12:00:00 +0000

Type: Title
Values Added: Unauthorized File Deletion Leading to Denial of Service in SICAM SIAPP SDK

Thu, 12 Mar 2026 17:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:siemens:sicam_siapp_sdk:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Added: Siemens; Siemens sicam Siapp Sdk

Type: Vendors & Products
Values Added: Siemens; Siemens sicam Siapp Sdk

Tue, 10 Mar 2026 17:15:00 +0000

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 16:30:00 +0000

Type: Description
Values Added: A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.

Type: Weaknesses
Values Added: CWE-73

Type: References

Type: Metrics
Values Added: cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-03-10T16:41:09.000Z

Reserved: 2026-02-03T10:47:09.380Z

Link: CVE-2026-25605

Vulnrichment

Updated: 2026-03-10T16:37:54.201Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:37.540

Modified: 2026-03-12T17:59:47.163

Link: CVE-2026-25605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T11:45:06Z

Weaknesses