www.cisa.gov 3/17/2026, 4:46:41 PM

Siemens SICAM SIAPP SDK

According to Siemens ProductCERT, the SICAM SIAPP SDK contains multiple vulnerabilities that could disrupt the customer-developed SIAPP or its simulation environment, with potential impacts including denial of service, data corruption, or exploitation of the simulation environment. The advisory, released on 17 March 2026, lists the affected SICAM SIAPP SDK versions as vers:intdot/<2.1.7 and notes that fixes are available in V2.1.7 or later.
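A check for whether an installed SDK version falls inside the affected range quoted above, as an added example (not code from Siemens, CISA or the advisory). The host names and installed versions are constructed; the handling of a leading "V", of trailing zeros, and the refusal of range strings with more than one interval are assumptions of this example.

```python
import operator
import re

OPS = {"<=": operator.le, ">=": operator.ge, "<": operator.lt, ">": operator.gt}

def parse_intdot(version):
    """Dotted-integer version -> tuple of ints, so 2.1.10 sorts after 2.1.7."""
    v = version.strip().lstrip("vV")          # assumption: accept 'V2.1.7' as written in the advisory
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"not a dotted-integer version: {version!r}")
    parts = [int(p) for p in v.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # assumption: treat 2.1.0 and 2.1 as equal
        parts.pop()
    return tuple(parts)

def parse_range(spec):
    """Split 'vers:intdot/<constraints>' into exact versions and lower/upper bounds."""
    m = re.fullmatch(r"vers:intdot/(.+)", spec.strip())
    if not m:
        raise ValueError(f"not a vers:intdot range: {spec!r}")
    exact, bounds = [], []
    for item in (i.strip() for i in m.group(1).split("|")):
        for sym in ("<=", ">=", "<", ">"):
            if item.startswith(sym):
                bounds.append((sym, parse_intdot(item[len(sym):])))
                break
        else:
            exact.append(parse_intdot(item.lstrip("=")))  # '!=' or '*' fails loudly here
    if sum(s[0] == "<" for s, _ in bounds) > 1 or sum(s[0] == ">" for s, _ in bounds) > 1:
        raise ValueError("ranges with several intervals are not handled by this example")
    return exact, bounds

def is_affected(installed, spec="vers:intdot/<2.1.7"):
    """True if the installed version lies in the affected range from the advisory."""
    exact, bounds = parse_range(spec)
    v = parse_intdot(installed)
    if v in exact:
        return True
    return bool(bounds) and all(OPS[sym](v, bound) for sym, bound in bounds)

# Constructed inventory: host name -> installed SICAM SIAPP SDK version.
# '2.1.10' is included because a plain string comparison would rank it below '2.1.7'.
INVENTORY = {"eng-ws-01": "2.1.6", "eng-ws-02": "V2.1.7",
             "build-01": "2.0.12", "build-02": "2.1.10"}

def affected_hosts(inventory):
    return sorted(host for host, ver in inventory.items() if is_affected(ver))

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: SDK {INVENTORY[host]} is below V2.1.7, update required")
```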

The CVEs covered include CVE-2026-25569 (out-of-bounds write), CVE-2026-25570 (stack overflow), CVE-2026-25571 (input length checks), CVE-2026-25572 (server component length checks), CVE-2026-25573 (command injection), and CVE-2026-25605 (file path validation), with CVSS v3 base scores ranging from 5.1 to 7.4 and severities from medium to high.

The vulnerabilities affect Siemens SICAM SIAPP SDK in critical manufacturing deployments worldwide, and Siemens stresses applying updates and using secure configuration measures to mitigate risk. The advisory also acknowledges Siemens ProductCERT for reporting these issues to CISA.

Article by CyberSIXT