Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2852 articles · 175156 vulns · 37/41 feeds (7d)
← Back to list
7.2
CVE-2026-54801EXPLOITEDPATCHED
siemens · cpci85 central processing/communication

CVE-2026-54801: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base syst

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.

Affected Products

VendorProductVersions
siemenscpci85 central processing/communication0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
siemenssicore base systemmitre_affected90%

References

  • https://cert-portal.siemens.com/productcert/html/ssa-229470.html

Related News (2 articles)

Tier B
CERT-FR4d ago
Multiples vulnérabilités dans les produits Siemens (10 juillet 2026)
→ No new info (linked only)
Tier C
VulDB5d ago
CVE-2026-54801 | Siemens CPCI85 Central Processing up to 26.19.x Web API improper authorization
→ No new info (linked only)
CVSS 3.17.2 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
null
CWECWE-620
PublishedJul 9, 2026
Last enriched5d agov2
Tags
improper authorization
Trending Score31
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2025-40945EXP
CVE-2025-40945: A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1),
Trending: 47
CRITICALCVE-2026-56451
CVE-2026-56451: A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate
Trending: 44
HIGHCVE-2026-54429
CVE-2026-54429: A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handl
Trending: 38
MEDIUMCVE-2026-54799EXP
CVE-2026-54799: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base syst
Trending: 29
MEDIUMCVE-2026-54798EXP
CVE-2026-54798: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base syst
Trending: 26

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 9, 2026
Discovered by ZDM
Jul 9, 2026
Updated: description, severity, activelyExploited, patchAvailable, affectedVersions, tags
Jul 9, 2026
Actively Exploited
Jul 9, 2026
Patch Available
Jul 9, 2026

Version History

v2
Last enriched 5d ago
v2Tier C5d ago

Updated severity to CRITICAL, added affected versions up to 26.19.x, and changed exploit availability to false.

descriptionseverityactivelyExploitedpatchAvailableaffectedVersionstags
via VulDB
v15d ago

Initial creation