CVE-2026-27663 | Siemens CPCI85 Central Processing Communication allocation of resources (ssa-246443)

VDB-353635 · CVE-2026-27663 · SSA-246443 SIEMENS CPCI85 CENTRAL PROCESSING COMMUNICATION ALLOCATION OF RESOURCES HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 6.3 $0-$5k 3.35+ Summaryinfo A vulnerability identified as critical has been detected in Siemens CPCI85 Central Processing Communication and RTUM85 RTU Base. The impacted element is an unknown function. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2026-27663. The attack requires access to the local network. No exploit is available. You should upgrade the affected component. Detailsinfo A vulnerability was found in Siemens CPCI85 Central Processing Communication and RTUM85 RTU Base (affected version not known). It has been declared as critical. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a allocation of resources vulnerability. The CWE definition for the vulnerability is CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. As an impact it is known to affect availability. The summary by CVE is: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality. It is possible to read the advisory at cert-portal.siemens.com. This vulnerability is known as CVE-2026-27663 since 02/23/2026. The exploitation appears to be easy. The attack can only be initiated within the local network. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/26/2026). Upgrading eliminates this vulnerability. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-16179). Productinfo Vendor Siemens Name CPCI85 Central Processing Communication RTUM85 RTU Base License commercial Website Vendor: https://www.siemens.com/ CPE 2.3info 🔒 🔒 CPE 2.2info 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA CVSS-B Score: 🔒 CNA CVSS-BT Score: 🔒 CNA Vector: 🔒 CVSSv3info VulDB Meta Base Score: 6.5 VulDB Meta Temp Score: 6.3 VulDB Base Score: 6.5 VulDB Temp Score: 6.2 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 6.5 CNA Vector (siemens): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Allocation of resources CWE: CWE-770 / CWE-400 / CWE-404 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Timelineinfo 02/23/2026 CVE reserved 03/26/2026 +31 days Advisory disclosed 03/26/2026 +0 days VulDB entry created 03/26/2026 +0 days VulDB entry last update Sourcesinfo Vendor: siemens.com Advisory: ssa-246443 Status: Confirmed CVE: CVE-2026-27663 (🔒) GCVE (CVE): GCVE-0-2026-27663 GCVE (VulDB): GCVE-100-353635 EUVD: 🔒 Entryinfo Created: 03/26/2026 15:32 Updated: 03/26/2026 16:35 Changes: 03/26/2026 15:32 (73), 03/26/2026 16:35 (1) Complete: 🔍 Cache ID: 99:978:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸