CVE-2026-27664

High

Published: 26 March 2026

Published

26 March 2026

Modified

14 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0006 17.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27664 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the out-of-bounds write vulnerability by applying vendor patches to affected CPCI85 and SICORE versions prior to V26.10.

SI-10 Information Input Validation good match

prevent

Validates specially crafted XML inputs to prevent malformed data from triggering the out-of-bounds write during parsing.

SI-16 Memory Protection good match

prevent

Implements memory safeguards such as address space randomization and non-executable regions to mitigate out-of-bounds write memory corruption leading to service crashes.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Unauthenticated network exploitation of public-facing XML parser (T1190) directly enables application/system crash via memory corruption (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker…

to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

Deeper analysisAI

CVE-2026-27664 is an out-of-bounds write vulnerability (CWE-787) present in the CPCI85 Central Processing/Communication component across all versions prior to V26.10 and in the SICORE Base system across all versions prior to V26.10.0. The flaw occurs during the parsing of specially crafted XML inputs, which can lead to memory corruption in the affected applications.

An unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). By transmitting a malicious XML request to the vulnerable service, the attacker triggers the out-of-bounds write, causing the service to crash and resulting in a denial-of-service condition with high availability impact.

Mitigation guidance is available in the Siemens product CERT advisory (SSA-246443) at https://cert-portal.siemens.com/productcert/html/ssa-246443.html and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2026/Apr/7, which detail patching to version V26.10 or later and other recommended protective measures.