SICAM SIAPP SDK cmd injection <V2.1.7: full system compromise
CVE-2026-25573 Published on March 10, 2026

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.

NVD

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Affected Versions

Siemens SICAM SIAPP SDK:

Before V2.1.7 is affected.

Exploit Probability

EPSS

0.02%

Percentile

6.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SICAM SIAPP SDK cmd injection <V2.1.7: full system compromiseCVE-2026-25573 Published on March 10, 2026

Weakness Type

External Control of File Name or Path

Affected Versions

Exploit Probability

SICAM SIAPP SDK cmd injection <V2.1.7: full system compromise
CVE-2026-25573 Published on March 10, 2026