Cyber Resilience

CVE-2026-25570

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v4 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 5.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25570 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Siemens Sicam Siapp Sdk. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-25570, published on 2026-03-10, is a stack overflow vulnerability (CWE-121) in the SICAM SIAPP SDK, affecting all versions prior to V2.1.7. The SDK does not perform checks on input values, which can lead to a stack overflow condition.

The vulnerability has a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). An attacker with local access can exploit it with high attack complexity and no privileges or user interaction required. Successful exploitation enables arbitrary code execution and denial of service, with high impacts on confidentiality, integrity, and availability.

Mitigation details are available in the Siemens product CERT advisory at https://cert-portal.siemens.com/productcert/html/ssa-903736.html.

EU & UK References

Vulnerability details

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial…

more

of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack overflow enables local arbitrary code execution (PR:N, UI:N) which directly maps to exploitation primitives for privilege escalation via vulnerable process context (T1068) and client application code execution (T1203).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25569Same product: Siemens Sicam Siapp Sdk
CVE-2026-25605Same product: Siemens Sicam Siapp Sdk
CVE-2026-25573Same product: Siemens Sicam Siapp Sdk
CVE-2025-40795Same vendor: Siemens
CVE-2026-22923Same vendor: Siemens
CVE-2019-25435Shared CWE-121
CVE-2019-25336Shared CWE-121
CVE-2018-25303Shared CWE-121
CVE-2026-33147Shared CWE-121
CVE-2020-37013Shared CWE-121

Affected Assets

siemens
sicam siapp sdk
≤ 2.17

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of input values, which the vulnerable SDK omits and thereby permits the stack overflow.

prevent

Enforces memory-protection mechanisms that block exploitation of stack overflows for code execution or DoS.

prevent

Mandates timely remediation of identified flaws, directly addressed by upgrading the SDK to the fixed V2.1.7 release.

References