Siemens SICAM 8 Products

Plan Patch7.5ICS-CERT ICSA-26-092-01Mar 26, 2026

Siemens

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple SICAM 8 products contain vulnerabilities in the SICAM A8000, SICAM EGS, and SICAM S8000 device firmware that could lead to denial of service. Affected components include: - CPCI85 Central Processing/Communication Unit (versions before 26.10) - RTUM85 RTU Base (versions before 26.10) - SICORE Base system (versions before 26.10.0) These vulnerabilities involve improper resource management (CWE-770) and out-of-bounds memory access (CWE-787), both reachable over the network without authentication or user interaction.

What this means

What could happen

An attacker can send crafted network packets to cause the CPCI85, RTUM85, or SICORE device to stop responding, interrupting communication and control functions in your SICAM-based energy management infrastructure.

Who's at risk

Organizations operating Siemens SICAM 8-based energy management systems should prioritize this advisory. This affects CPCI85 Central Processing/Communication Units in CP-8031/CP-8050 and SICAM EGS deployments; RTUM85 Remote Terminal Units in CP-8010/CP-8012 and SICAM S8000 systems; and SICORE Base systems in CP-8010/CP-8012 and SICAM S8000 configurations. Any electric utility or municipal authority using these Siemens control and communication platforms for generation, transmission, or distribution automation is affected.

How it could be exploited

An attacker on the network sends specially crafted packets to the affected device's network port. The device processes the packet incorrectly, exhausting resources or writing data outside intended memory boundaries, causing the device to crash or become unresponsive.

Prerequisites

Network access to the affected device (CPCI85, RTUM85, or SICORE)
Device running firmware version before 26.10 (or 26.10.0 for SICORE)
No authentication required

remotely exploitableno authentication requiredlow complexityaffects energy management and automation systemsdenial of service impact on critical infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

CPCI85 Central Processing/Communication< 26.1026.10

RTUM85 RTU Base< 26.1026.10

SICORE Base system< 26.10.026.10.0

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict network access to CPCI85, RTUM85, and SICORE devices to only authorized control network segments using firewall rules or network segmentation

HARDENINGVerify and document which SICAM 8 components are deployed in your environment and their current firmware versions

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CPCI85 firmware to version 26.10 or later via the CP-8031/CP-8050 Package or SICAM EGS Package

HOTFIXUpdate RTUM85 firmware to version 26.10 or later via the CP-8010/CP-8012 Package or SICAM S8000 Package

HOTFIXUpdate SICORE firmware to version 26.10.0 or later via the CP-8010/CP-8012 Package or SICAM S8000 Package

CVEs (2)

CVE-2026-27663 CVE-2026-27664

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/85a3c2fa-8917-425f-9fb3-b3a0488626f8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.