OPC UA Security Disabled in Siemens CPCI85 & SICORE Base <26.20 Exploit
CVE-2026-54800 Published on July 9, 2026

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

NVD

Weakness Type

Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.


Affected Versions

Siemens CPCI85 Central Processing/Communication: Siemens SICORE Base system: