CVE-2026-27663

low-risk

Published 2026-03-26

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-246443.html

http://seclists.org/fulldisclosure/2026/Apr/6

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal