Siemens SICAM 8 Products

Plan PatchCVSS 7.5ICS-CERT ICSA-26-092-01Mar 26, 2026

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple SICAM 8 firmware components contain resource allocation and memory buffer vulnerabilities (CWE-770, CWE-787) that can be triggered by crafted network packets to cause denial of service. Affected products include CPCI85, RTUM85, and SICORE firmware running in SICAM A8000 and S8000 substations and RTU controllers CP-8010, CP-8012, CP-8031, and CP-8050. A successful attack could crash the device, requiring manual restart and interrupting grid or water system operations.

What this means

What could happen

An attacker could send crafted network packets to crash SICAM 8 devices, causing a denial of service that interrupts critical power grid or water system monitoring and control operations. The affected devices would require manual restart to resume operations.

Who's at risk

SCADA operators and engineers at electric utilities and water authorities who use SICAM 8 products (CPCI85, RTUM85, SICORE) in RTU controllers (CP-8010, CP-8012, CP-8031, CP-8050) and SICAM A8000 or S8000 substations. These devices directly monitor and control power distribution and water treatment operations.

How it could be exploited

An attacker with network access to the SICAM 8 device (port 502 for MODBUS or the device management interface) can send specially crafted packets that trigger a resource allocation or memory buffer flaw, causing the device to crash. No credentials or user interaction are required.

Prerequisites

Network access to the SICAM 8 device management interface or MODBUS port (typically 502)
No authentication required
No special device configuration needed

remotely exploitableno authentication requiredlow complexity attackaffects critical infrastructure operationsdenial of service

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

CPCI85 Central Processing/Communication< 26.1026.10

RTUM85 RTU Base< 26.1026.10

SICORE Base system< 26.10.026.10.0

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to SICAM 8 device management interfaces to trusted engineering workstations and monitoring systems only

WORKAROUNDImplement firewall rules to block unsolicited traffic to MODBUS port 502 and device management ports from untrusted networks

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CPCI85 firmware to version 26.10 or later

HOTFIXUpdate RTUM85 firmware to version 26.10 or later

HOTFIXUpdate SICORE firmware to version 26.10.0 or later

CVEs (2)

CVE-2026-27663 CVE-2026-27664

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/85a3c2fa-8917-425f-9fb3-b3a0488626f8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.