SICAM SIAPP SDK cmd injection <V2.1.7: full system compromise
CVE-2026-25573 Published on March 10, 2026

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.

NVD

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Affected Versions

Siemens SICAM SIAPP SDK:

Before V2.1.7 is affected.

SICAM SIAPP SDK cmd injection <V2.1.7: full system compromiseCVE-2026-25573 Published on March 10, 2026

Weakness Type

External Control of File Name or Path

Affected Versions

SICAM SIAPP SDK cmd injection <V2.1.7: full system compromise
CVE-2026-25573 Published on March 10, 2026