CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.4 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-903736.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sicam_siapp_sdk:*:*:*:*:*:*:*:*

History

12 Mar 2026, 17:34

Type	Values Removed	Values Added
First Time		Siemens sicam Siapp Sdk Siemens
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-903736.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-903736.html - Vendor Advisory
CPE		cpe:2.3:a:siemens:sicam_siapp_sdk::::::::
Summary		(es) Se ha identificado una vulnerabilidad en el SDK de SICAM SIAPP (todas las versiones < V2.1.7). La aplicación afectada realiza la eliminación de archivos sin validar correctamente la ruta o el destino del archivo. Un atacante podría eliminar archivos o sockets que el proceso afectado tiene permiso para eliminar, lo que podría resultar en denegación de servicio o interrupción del servicio.

10 Mar 2026, 18:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 18:18

Updated : 2026-03-12 17:59

NVD link : CVE-2026-25605

Mitre link : CVE-2026-25605

CVE.ORG link : CVE-2026-25605

JSON object : View

Products Affected

siemens

sicam_siapp_sdk

CWE

CWE-73

External Control of File Name or Path

{"id": "CVE-2026-25605", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-10T18:18:37.540", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-903736.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en el SDK de SICAM SIAPP (todas las versiones < V2.1.7). La aplicaci\u00f3n afectada realiza la eliminaci\u00f3n de archivos sin validar correctamente la ruta o el destino del archivo. Un atacante podr\u00eda eliminar archivos o sockets que el proceso afectado tiene permiso para eliminar, lo que podr\u00eda resultar en denegaci\u00f3n de servicio o interrupci\u00f3n del servicio."}], "lastModified": "2026-03-12T17:59:47.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sicam_siapp_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C92AE80-D07C-484A-9F56-5A0B25F8D249", "versionEndExcluding": "2.17"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}