Siemens SICAM SIAPP SDK

Plan Patch7.4ICS-CERT ICSA-26-076-04Mar 17, 2026

Attack VectorLocal

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

SICAM SIAPP SDK contains multiple buffer overflow and memory corruption vulnerabilities (CWE-787, CWE-121, CWE-130, CWE-73) that could allow a local attacker to disrupt customer-developed SIAPP applications, corrupt application data, or exploit the simulation environment. Exploitation requires either improper API usage during application development or missing hardening measures in SIAPP implementations. Siemens has released a patched version.

What this means

What could happen

An attacker could corrupt SIAPP data, cause denial of service in the application, or exploit the simulation environment. This impacts organizations developing or simulating manufacturing control applications built on the SICAM platform.

Who's at risk

Manufacturing organizations and system integrators developing or simulating control applications using SICAM SIAPP SDK. This particularly affects development teams, QA/test environments, and simulation labs where custom SIAPP applications are built or validated before deployment to production manufacturing systems.

How it could be exploited

An attacker with local access to a system running SICAM SIAPP SDK could exploit multiple buffer overflow and improper API usage vulnerabilities (CWE-787, CWE-121, CWE-130, CWE-73) to corrupt application data or disrupt the SIAPP or its simulation environment. Exploitation requires improper API usage or missing hardening measures in the SDK implementation.

Prerequisites

Local access to the development or simulation system running SICAM SIAPP SDK
SIAPP or simulation environment using the SDK with improper API usage or insufficient hardening measures
Version of SICAM SIAPP SDK prior to 2.1.7

Buffer overflow vulnerabilities (CWE-787, CWE-121)Low complexity attack (local access required)Improper API usage can enable exploitationNo authentication required for local exploitation

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

SICAM SIAPP SDK< 2.1.72.1.7

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SICAM SIAPP SDK to version 2.1.7 or later

HARDENINGReview SIAPP code for improper API usage and apply hardening measures to SDK implementations

HARDENINGIsolate development and simulation environments from business networks and ensure they are not accessible from the internet

Long-term hardening

0/1

HARDENINGRestrict local access to systems running SICAM SIAPP SDK to authorized personnel only

CVEs (6)

CVE-2026-25570 CVE-2026-25572 CVE-2026-25605 CVE-2026-25569 CVE-2026-25571 CVE-2026-25573

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/eb47f50c-d359-4851-9df2-814fcb68be4a