{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27663", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2026-02-23T10:07:00.530Z", "datePublished": "2026-03-26T14:03:20.787Z", "dateUpdated": "2026-04-14T18:24:38.079Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-03-26T14:03:20.787Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85\u00a0RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality."}], "affected": [{"vendor": "Siemens", "product": "CPCI85 Central Processing/Communication", "versions": [{"status": "affected", "version": "0", "lessThan": "V26.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "RTUM85\u00a0RTU Base", "versions": [{"status": "affected", "version": "0", "lessThan": "V26.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-246443.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-28T02:21:26.495215Z", "id": "CVE-2026-27663", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T02:21:37.494Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-14T18:24:38.079Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-14T18:24:38.079Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-28T02:21:26.495215Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T02:21:33.746Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "CPCI85 Central Processing/Communication", "versions": [{"status": "affected", "version": "0", "lessThan": "V26.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "RTUM85\u00a0RTU Base", "versions": [{"status": "affected", "version": "0", "lessThan": "V26.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-246443.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85\u00a0RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-03-26T14:03:20.787Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27663", "state": "PUBLISHED", "dateUpdated": "2026-04-14T18:24:38.079Z", "dateReserved": "2026-02-23T10:07:00.530Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2026-03-26T14:03:20.787Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85\u00a0RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en CPCI85 Procesamiento/Comunicaci\u00f3n Central (Todas las versiones &lt; V26.10), RTUM85 Base RTU (Todas las versiones &lt; V26.10). La aplicaci\u00f3n afectada contiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS). El modo de operaci\u00f3n remoto es susceptible a una condici\u00f3n de agotamiento de recursos cuando se somete a un alto volumen de solicitudes. El env\u00edo de m\u00faltiples solicitudes puede agotar los recursos, impidiendo la parametrizaci\u00f3n y requiriendo un reinicio o un rearranque para restaurar la funcionalidad."}], "id": "CVE-2026-27663", "lastModified": "2026-04-14T19:16:34.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2026-03-26T15:16:34.147", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-246443.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2026/Apr/6"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V26.10)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "matching", "scores": [{"score": 99.0, "source": "matching"}]}, "original": {"product": "CPCI85 Central Processing/Communication", "source": "cna", "vendor": "Siemens"}, "product": "cpci85_central_processing\\/communication", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V26.10)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RTUM85\u00a0RTU Base", "source": "cna", "vendor": "Siemens"}, "product": "rtum85\u00a0rtu_base", "vendor": "siemens"}], "analysis": {"en": {"generated_at": "2026-03-26T15:57:39.468202+00:00", "value": {"mitigation_remediation": ["Update to firmware version V26.10 or later for CPCI85 and RTUM85 as released by Siemens.", "Restrict network access to the remote operation interface to authorized systems only.", "Implement rate limiting or firewall rules to throttle excessive request traffic toward the device.", "If a patch is not immediately available, consider disabling the remote operation mode or isolating the device from the network."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Siemens CPCI85 Central Processing/Communication (all versions prior to V26.10) and Siemens RTUM85 RTU Base (all versions prior to V26.10) are affected. Only these pre\u2011V26.10 builds are vulnerable; newer releases are presumed fixed.", "description_and_impact": "A denial\u2011of\u2011service vulnerability has been identified in the remote operation mode of Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base. The flaw allows an attacker to flood the device with a high volume of requests, exhausting internal resources such as memory or processing queues, which in turn prevents the proper handling of legitimate requests and forces the device to reset or reboot to regain functionality. The weakness is classified as resource exhaustion (CWE-770).", "risk_and_exploitability": "The CVSS score of 7.1 indicates a moderate to high impact that is feasible for remote exploitation; no authentication is required and the attacker only needs the ability to send repeated requests to the target. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting exploitation may be uncommon but still plausible, especially in environments where the remote operation mode is exposed without adequate controls. Unauthorized remote attackers can induce service disruption without affecting confidentiality or integrity of the device\u2019s configuration."}}}}, "created": "2026-03-27T08:34:11.277436+00:00", "title": "Denial of Service via Resource Exhaustion in Siemens CPCI85 and RTUM85", "updated": "2026-03-27T09:26:38.610369+00:00", "vendors": ["siemens", "siemens$PRODUCT$cpci85_central_processing\\/communication", "siemens$PRODUCT$rtum85\u00a0rtu_base"]}