8.6
SICAM SIAPP SDK versions < V2.1.7 can execute malicious system commands
CVE-2026-25573
Summary
If you use an outdated version of SICAM SIAPP SDK, an attacker could inject malicious system commands, potentially taking control of your system. Update to version 2.1.7 or later to fix this issue. If you can't update immediately, limit access to the system to prevent potential attacks.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| siemens | sicam_siapp_sdk | <= 2.17 | – |
Original title
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could infl...
Original description
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.
nvd CVSS3.1
7.4
nvd CVSS4.0
8.6
Vulnerability type
CWE-73
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026