CVE-2026-54799

Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

Affected Software

VendorProductVersion RangeStatus
SiemensCPCI85 Central Processing/Communication0 < V26.20affected
SiemensSICORE Base system0 < V26.20.0affected

Weaknesses

  • CWE-489: CWE-489: Active Debug Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References