Primary

Context

Siemens SICAM SIAPP SDK Command Injection Vulnerability Allowing Full System Compromise

Vulnerability

A command injection vulnerability has been identified in Siemens SICAM SIAPP SDK versions prior to 2.1.7. The vulnerability arises because the application constructs shell commands using strings provided by the caller and executes them. This flaw allows an attacker to manipulate the executed command, potentially leading to command injection and complete system compromise.

Impact

Exploitation of this vulnerability could result in unauthorized command execution, allowing an attacker to compromise the entire system.

Remediation

Users are advised to update to SICAM SIAPP SDK version 2.1.7 or later. The latest version can be downloaded from the Siemens GitHub repository.

Added: Mar 10, 2026, 7:21 PM

Updated: Mar 10, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.7

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.7

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SICAM SIAPP SDK Command Injection Vulnerability Allowing Full System Compromise

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating