Main Vulnerability Database Vulnerabilities #VU124015

#VU124015 External Control of File Name or Path in SICAM SIAPP SDK - CVE-2026-25605

Published: March 13, 2026

Vulnerability identifier: #VU124015

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-25605

CWE-ID: CWE-73

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SICAM SIAPP SDK

Software vendor:
Siemens

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected application performs file deletion without properly validating the file path or target. A local attacker can delete files or sockets that the affected process has permission to remove, leading to denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/html/ssa-903736.html

#VU124015 External Control of File Name or Path in SICAM SIAPP SDK - CVE-2026-25605

Description

Remediation

External links

Please verify you're human