Siemens SICAM SIAPP SDK

Plan PatchCVSS 7.4ICS-CERT ICSA-26-076-04Mar 10, 2026

SiemensManufacturing

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

SICAM SIAPP SDK contains multiple buffer overflow and input validation vulnerabilities (CWE-787, CWE-121, CWE-130, CWE-73) that could allow an attacker to disrupt customer-developed SIAPP applications or their simulation environments. These vulnerabilities are exploitable only if the API is used improperly by the customer application or hardening measures are not applied. Potential impacts include denial of service within SIAPP, corruption of SIAPP data, or compromise of the simulation environment. Siemens has released version 2.1.7 which addresses these issues.

What this means

What could happen

An attacker exploiting improper API usage could cause denial of service within SIAPP applications, corrupt SIAPP data, or compromise the simulation environment used for testing and configuration.

Who's at risk

Development teams and system integrators using Siemens SICAM SIAPP SDK to build industrial applications in manufacturing environments. This affects both custom application development and simulation/testing environments used to validate SIAPP logic before deployment to manufacturing control systems.

How it could be exploited

An attacker with local or network access to a system running SICAM SIAPP SDK could exploit buffer overflow or improper input validation vulnerabilities (CWE-787, CWE-121, CWE-130) in the SDK API if the customer application does not properly validate or handle API calls. This could lead to arbitrary code execution or memory corruption in the SIAPP runtime.

Prerequisites

Local or network access to the system running SICAM SIAPP SDK
Customer-developed SIAPP application that uses the vulnerable SDK API improperly or without additional hardening
Ability to trigger the vulnerable API function with malformed input

Local or network exploitableLow exploit complexityHigh impact on data integrity and availabilityAffects engineering/simulation environments that could influence production systems

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

SICAM SIAPP SDK< 2.1.72.1.7

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to systems running SICAM SIAPP SDK and SIAPP applications; ensure they are not directly accessible from the internet or business networks

HARDENINGIsolate SIAPP simulation and development environments behind firewalls on separate network segments from production control systems and business networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SICAM SIAPP SDK to version 2.1.7 or later

Long-term hardening

0/1

HARDENINGReview custom SIAPP applications to ensure API calls properly validate and sanitize all input data before passing to SICAM SIAPP SDK

CVEs (6)

CVE-2026-25570 CVE-2026-25572 CVE-2026-25605 CVE-2026-25569 CVE-2026-25571 CVE-2026-25573

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/eb47f50c-d359-4851-9df2-814fcb68be4a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.