CVE-2026-54800

Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

Affected Software

VendorProductVersion RangeStatus
SiemensCPCI85 Central Processing/Communication0 < V26.20affected
SiemensSICORE Base system0 < V26.20.0affected

Weaknesses

  • CWE-1188: CWE-1188: Initialization of a Resource with an Insecure Default

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References