Siemens Product Vulnerabilities Allow Remote Denial of Service
Summary
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Siemens products, including CPCI85 Central Processing/Communication and SICORE Base system. These vulnerabilities allow for remote denial of service attacks. Affected versions are prior to 26.10. Customers are advised to consult Siemens' security bulletin for patch information.
What changed
CERT-FR, the French national cybersecurity agency, has issued an advisory (CERTFR-2026-AVI-0364) detailing multiple vulnerabilities in Siemens products. Specifically, CPCI85 Central Processing/Communication versions earlier than 26.10 and SICORE Base system versions earlier than 26.10.0 are affected. These vulnerabilities, identified by CVE-2026-27663 and CVE-2026-27664, can be exploited by attackers to cause a remote denial of service (DoS).
Organizations using the affected Siemens products must immediately consult Siemens' security bulletin SSA-246443 for remediation guidance and apply the necessary patches or updates. Failure to address these vulnerabilities could lead to service disruptions and potential operational impacts. The advisory highlights the critical need for timely patching of industrial control systems and related infrastructure to mitigate cybersecurity risks.
What to do next
- Consult Siemens security bulletin SSA-246443 for remediation guidance.
- Apply available patches or updates to affected Siemens products (CPCI85 and SICORE Base system versions prior to 26.10.0).
Source document (simplified)
Premier Ministre S.G.D.S.N
Agence nationale
de la sécurité des
systèmes d'information
Paris, le 27 mars 2026 N° CERTFR-2026-AVI-0364 Affaire suivie par: CERT-FR
Avis du CERT-FR
Objet: Multiples vulnérabilités dans les produits Siemens
Gestion du document
| Référence | CERTFR-2026-AVI-0364 |
| Titre | Multiples vulnérabilités dans les produits Siemens |
| Date de la première version | 27 mars 2026 |
| Date de la dernière version | 27 mars 2026 |
| Source(s) | Bulletin de sécurité Siemens SSA-246443 du 26 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.
Risque
- Déni de service à distance
Systèmes affectés
- CPCI85 Central Processing/Communication versions antérieures à 26.10
- SICORE Base system versions antérieures à 26.10.0
Résumé
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Documentation
- Bulletin de sécurité Siemens SSA-246443 du 26 mars 2026
- https://cert-portal.siemens.com/productcert/html/ssa-246443.html
- Référence CVE CVE-2026-27663
- https://www.cve.org/CVERecord?id=CVE-2026-27663
- Référence CVE CVE-2026-27664
- https://www.cve.org/CVERecord?id=CVE-2026-27664
Gestion détaillée du document
- le 27 mars 2026 Version initiale
Named provisions
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-FR Security Advisories publishes new changes.