Siemens SIDIS Prime

Act Now7.5ICS-CERT ICSA-24-046-02Feb 13, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SIDIS Prime before V4.0.400 contains vulnerabilities in OPC UA and OpenSSL components that allow an unauthenticated attacker with network access to reuse OPC UA client credentials, cause a denial of service in the OPC UA client, or cause a denial of service in the TLS service.

What this means

What could happen

An attacker could intercept OPC UA communications or impersonate a legitimate OPC UA client to access process data, or disrupt the availability of the SIDIS Prime system and its ability to communicate with connected servers and devices.

Who's at risk

Water authorities and utilities using SIDIS Prime (Siemens SCADA data management system) for supervisory control and data acquisition, particularly those relying on OPC UA for integration with PLCs, RTUs, and other control devices.

How it could be exploited

An attacker on the network where SIDIS Prime is deployed could intercept unencrypted OPC UA client credentials and replay them to connect as a legitimate client, or send crafted requests to the OPC UA or TLS service to trigger resource exhaustion and cause denial of service.

Prerequisites

Network access to the SIDIS Prime system (OPC UA port and TLS service port)
Unencrypted OPC UA communications (for credential reuse attacks)

remotely exploitableno authentication requiredlow complexityhigh EPSS score (67.3%)affects data integrity and availability

Exploitability

High exploit probability (EPSS 67.3%)

Affected products (1)

ProductAffected VersionsFix Status

SIDIS Prime<V4.0.4004.0.400

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDEnable encrypted communication between the OPC UA client and all OPC UA servers

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIDIS Prime to version 4.0.400 or later

Long-term hardening

0/1

HARDENINGImplement network access controls to restrict connectivity to SIDIS Prime OPC UA and TLS service ports from only authorized systems

CVEs (5)

CVE-2019-19135 CVE-2020-1967 CVE-2020-1971 CVE-2022-0778 CVE-2022-29862

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/dcf796aa-f083-43bb-9bf6-5e98e7e9516d