Description
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains a denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.
Published: 2026-03-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

A denial‑of‑service vulnerability has been identified in the remote operation mode of Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base. The flaw allows an attacker to flood the device with a high volume of requests, exhausting internal resources such as memory or processing queues, which in turn prevents the proper handling of legitimate requests and forces the device to reset or reboot to regain functionality. The weakness is classified as resource exhaustion (CWE-770).

Affected Systems

Siemens CPCI85 Central Processing/Communication (all versions prior to V26.10) and Siemens RTUM85 RTU Base (all versions prior to V26.10) are affected. Only these pre‑V26.10 builds are vulnerable; newer releases are presumed fixed.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high impact, and remote exploitation is feasible: no authentication is required, and the attacker only needs the ability to send repeated requests to the target. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting exploitation may be uncommon but still plausible, especially in environments where the remote operation mode is exposed without adequate controls. Unauthorized remote attackers can disrupt service without affecting the confidentiality or integrity of the device’s configuration.

Generated by OpenCVE AI on March 26, 2026 at 15:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to firmware version V26.10 or later for CPCI85 and RTUM85 as released by Siemens.
  • Restrict network access to the remote operation interface to authorized systems only.
  • Implement rate limiting or firewall rules to throttle excessive request traffic toward the device.
  • If a patch is not immediately available, consider disabling the remote operation mode or isolating the device from the network.


Advisories

No advisories yet.

History

Sat, 28 Mar 2026 03:15:00 +0000

Values Removed: none
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 09:30:00 +0000

Values Removed: none
Values Added:
  • Title: Denial of Service via Resource Exhaustion in Siemens CPCI85 and RTUM85

Fri, 27 Mar 2026 08:45:00 +0000

Values Removed: none
Values Added:
  • First Time appeared: Siemens; Siemens cpci85 Central Processing/communication; Siemens rtum85 rtu Base
  • Vendors & Products: Siemens; Siemens cpci85 Central Processing/communication; Siemens rtum85 rtu Base

Thu, 26 Mar 2026 14:30:00 +0000

Values Removed: none
Values Added:
  • Description: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains a denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.
  • Weaknesses: CWE-770
  • References
  • Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  • Metrics: cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-03-28T02:21:37.494Z

Reserved: 2026-02-23T10:07:00.530Z

Link: CVE-2026-27663

Vulnrichment

Updated: 2026-03-28T02:21:33.746Z

NVD

Status: Awaiting Analysis

Published: 2026-03-26T15:16:34.147

Modified: 2026-03-30T13:26:50.827

Link: CVE-2026-27663

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:26:38Z

Weaknesses