Cyber Resilience

CVE-2026-27664

High

Published: 26 March 2026

Published
26 March 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0036 27.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-27664 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-27664 is an out-of-bounds write vulnerability (CWE-787) present in the CPCI85 Central Processing/Communication component across all versions prior to V26.10 and in the SICORE Base system across all versions prior to V26.10.0. The flaw occurs during the parsing of specially crafted XML inputs, which can lead to memory corruption in the affected applications.

An unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). By transmitting a malicious XML request to the vulnerable service, the attacker triggers the out-of-bounds write, causing the service to crash and resulting in a denial-of-service condition with high availability impact.

Mitigation guidance is available in the Siemens product CERT advisory (SSA-246443) at https://cert-portal.siemens.com/productcert/html/ssa-246443.html and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2026/Apr/7, which detail patching to version V26.10 or later and other recommended protective measures.

EU & UK References

Vulnerability details

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker…

more

to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated network exploitation of public-facing XML parser (T1190) directly enables application/system crash via memory corruption (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-25901Shared CWE-787
CVE-2025-32008Shared CWE-787
CVE-2024-13166Shared CWE-787
CVE-2019-25654Shared CWE-787
CVE-2024-24423Shared CWE-787
CVE-2024-13165Shared CWE-787
CVE-2025-25898Shared CWE-787
CVE-2026-26740Shared CWE-787
CVE-2026-32636Shared CWE-787
CVE-2026-27816Shared CWE-787

Affected Assets

All
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the out-of-bounds write vulnerability by applying vendor patches to affected CPCI85 and SICORE versions prior to V26.10.

prevent

Validates specially crafted XML inputs to prevent malformed data from triggering the out-of-bounds write during parsing.

prevent

Implements memory safeguards such as address space randomization and non-executable regions to mitigate out-of-bounds write memory corruption leading to service crashes.

References