CVE-2026-27663: CWE-770: Allocation of Resources Without Limits or Throttling in Siemens CPCI85 Central Processing/Communication
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.
AI Analysis
Technical Summary
This vulnerability (CWE-770) in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base affects all versions before V26.10. It allows an unauthenticated remote attacker to cause a denial-of-service by sending multiple requests in remote operation mode, leading to resource exhaustion. The system fails to limit or throttle resource allocation, resulting in the inability to perform parameterization until a reset or reboot is performed. The CVSS 3.1 score is 6.5 (medium), reflecting the impact on availability without affecting confidentiality or integrity.
Potential Impact
The vulnerability causes denial-of-service by exhausting system resources through high volumes of remote requests. This prevents normal operation and requires manual intervention (reset or reboot) to restore functionality. There is no impact on data confidentiality or integrity. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until an official fix is available, consider limiting access to the affected devices' remote operation interfaces to trusted networks and monitoring for unusual request volumes to reduce the risk of resource exhaustion.
CVE-2026-27663: CWE-770: Allocation of Resources Without Limits or Throttling in Siemens CPCI85 Central Processing/Communication
Description
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-770) in Siemens CPCI85 Central Processing/Communication and RTUM85 RTU Base affects all versions before V26.10. It allows an unauthenticated remote attacker to cause a denial-of-service by sending multiple requests in remote operation mode, leading to resource exhaustion. The system fails to limit or throttle resource allocation, resulting in the inability to perform parameterization until a reset or reboot is performed. The CVSS 3.1 score is 6.5 (medium), reflecting the impact on availability without affecting confidentiality or integrity.
Potential Impact
The vulnerability causes denial-of-service by exhausting system resources through high volumes of remote requests. This prevents normal operation and requires manual intervention (reset or reboot) to restore functionality. There is no impact on data confidentiality or integrity. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until an official fix is available, consider limiting access to the affected devices' remote operation interfaces to trusted networks and monitoring for unusual request volumes to reduce the risk of resource exhaustion.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- siemens
- Date Reserved
- 2026-02-23T10:07:00.530Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c57a7f3c064ed76f9f9d31
Added to database: 3/26/2026, 6:27:11 PM
Last enriched: 4/15/2026, 11:25:43 AM
Last updated: 5/11/2026, 5:06:21 AM
Views: 65
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.