Multiple vulnerabilities in Siemens products (July 10, 2026)
Multiple vulnerabilities have been discovered in Siemens products. Some of them allow an attacker to cause arbitrary code execution, privilege escalation, and remote denial of service.
CSIRTS triage
- What
- Multiple vulnerabilities in Siemens products could allow arbitrary code execution, privilege escalation, and remote denial of service.
- Who is affected
- Users of affected Siemens products.
- Urgency
- Remediation is urgent due to the potential for significant impact from exploitation.
- Action
- Update to the latest versions of Siemens products.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0860/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-547980.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 15% of all scored CVEs.
- Low exploitation riskCVE-2026-548010.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
- Low exploitation riskCVE-2026-547990.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-548000.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-54798 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-54801 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-54799 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-54800 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- highCVE-2026-54801: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions <…nvd
- mediumCVE-2026-54800: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions <…nvd
- mediumCVE-2026-54799: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions <…nvd
- mediumCVE-2026-54798: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions <…nvd
Recent advisories for Siemens products
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownSiemens Products using OpenSSLcisa · 2026-06-23
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10