Siemens SICAM SIAPP, Unvalidated File Deletion, CVE-2026-25605 (Medium)

Listen to this Post

A vulnerability classified as CWE-73 (External Control of File Name or Path) exists in the Siemens SICAM SIAPP SDK. The flaw resides in how the application handles file deletion operations. Specifically, the software fails to properly validate or sanitize user-controlled input that is used to construct a file path for deletion. An attacker with local access to the system can exploit this by supplying a path or name pointing to an arbitrary file or socket. Because the vulnerable process performs the deletion with its own permissions, the attacker can force it to delete files or sockets that the process has the rights to remove, even if those files are outside the intended directory. This does not lead to data confidentiality loss, but it has a high impact on integrity and availability, as critical system files, application files, or inter-process communication sockets can be deleted. The attack complexity is high, requiring the attacker to have knowledge of the system and file locations. This results in a denial of service or severe service disruption, as the deletion of essential files or sockets can cause the application or related services to crash or become inoperable. Siemens has released version V2.1.7 to address this issue .

dailycve form:

Platform: Siemens SICAM SIAPP
Version: All < V2.1.7
Vulnerability : Unvalidated file deletion
Severity: Medium (5.9)
date: 03/12/2026

Prediction: Patched in V2.1.7

What Undercode Say:

Analytics

// Identify installed version on Linux-based systems
dpkg -l | grep -i siapp
rpm -qa | grep -i SICAM-SIAPP
// Check version on Windows systems via registry
reg query "HKLM\SOFTWARE\Siemens\SICAM SIAPP" /v Version
// Simulate the vulnerable file deletion call (conceptual)
The vulnerable function might look like: DeleteFile(user_provided_path);
This demonstrates the lack of validation.
strace -e unlink,unlinkat ./vulnerable_app "payload"

Exploit:

Proof-of-Concept: Local attacker deletes a critical system socket
./siapp_sdk_tool --delete-file "/var/run/some_service.sock"
Attacker deletes an application configuration file to cause service disruption
./siapp_sdk_tool --delete-file "/opt/sicam/config/important.cfg"
Basic Python concept to demonstrate the flaw
import os
user_input = input("Enter file to delete: ")
os.remove(user_input) No path validation performed

Protection from this CVE

Primary fix: Upgrade to version 2.1.7 or later
Check Siemens Security Advisory ssa-903736 for update packages
Mitigation: Implement filesystem permissions to restrict what the process can delete
chmod 555 /var/run/critical_socket
chattr +i /opt/sicam/config/important.cfg
Use AppArmor or SELinux to confine the application
Example AppArmor profile snippet:
/path/to/siapp/bin brix,
deny /var/run/ wl,

Impact:

Denial of service. Deletion of critical files or Unix domain sockets causes immediate application failure and potential system instability until manual intervention restores the deleted objects.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top