High‑Severity DoS in Siemens SICAM 8 Products (CVE‑2026‑27663, CVE‑2026‑27664) Threatens Critical Manufacturing Operations
What It Is – Two newly disclosed vulnerabilities (CVE‑2026‑27663, CVE‑2026‑27664) affect firmware and base‑system components of Siemens SICAM 8 controllers. Both flaws enable a remote attacker to trigger uncontrolled resource consumption, leading to denial‑of‑service (DoS) conditions.
Exploitability – Public advisories confirm the vulnerabilities are exploitable over the network; no public exploit code has been released, but the attack requires only a high‑volume request pattern. CVSS v3.1 base score 7.5 (High).
Affected Products –
- CPCI85 Central Processing/Communication (versions < 26.10)
- RTUM85 RTU Base (versions < 26.10)
- SICORE Base system (versions < 26.10.0)
All are components of Siemens SICAM 8 used in process automation, remote terminal units, and supervisory control.
TPRM Impact –
- Potential service disruption at downstream manufacturers that rely on Siemens SICAM 8 for production line control.
- Increased risk of cascading failures across supply‑chain partners if a critical plant is forced offline.
Recommended Actions –
- Inventory all Siemens SICAM 8 devices and verify firmware versions.
- Apply Siemens‑provided firmware updates (≥ 26.10) immediately.
- Implement rate‑limiting or network segmentation to restrict unauthenticated traffic to control‑system interfaces.
- Monitor for abnormal traffic spikes or device reboots; integrate alerts into SIEM/ICS‑specific monitoring.
- Review third‑party contracts for clauses requiring timely patching of OT assets.
Source: CISA Advisory – ICSA‑26‑092‑01