OTPulse

Siemens SIDIS Prime

Plan Patch · 8.7 · ICS-CERT ICSA-25-100-02 · Apr 8, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

SIDIS Prime before V4.0.700 is affected by multiple vulnerabilities in third-party components including OpenSSL, SQLite, Boost C++ Libraries, and Microsoft components. These vulnerabilities could allow remote attackers to execute code or cause denial of service on the SIDIS Prime system.

What this means
What could happen
An attacker could execute arbitrary code on SIDIS Prime or cause the system to become unavailable, potentially disrupting process monitoring and control functions that depend on the software.
Who's at risk
Organizations using Siemens SIDIS Prime for data acquisition, historian, or supervisory monitoring in manufacturing plants, utilities, or critical infrastructure sites need to apply this update. Any facility relying on SIDIS Prime for real-time process data collection and reporting is affected.
How it could be exploited
An attacker with network access to SIDIS Prime could craft malicious input to trigger one of the underlying component vulnerabilities (OpenSSL, SQLite, Boost) via the application, potentially achieving remote code execution or denial of service without authentication.
Prerequisites
  • Network access to SIDIS Prime on the network segment where it runs
  • SIDIS Prime version prior to 4.0.700 deployed
remotely exploitable · high CVSS score (8.7) · multiple component vulnerabilities · affects critical monitoring software
Exploitability
Moderate exploit probability (EPSS 5.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SIDIS Prime | <V4.0.700 | 4.0.700
Remediation & Mitigation
Do now
HARDENING: Minimize network exposure by restricting network access to SIDIS Prime to only authorized engineering and monitoring stations
HARDENING: Place SIDIS Prime behind a firewall and isolate from business networks and the internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIDIS Prime to version 4.0.700 or later
Long-term hardening
HARDENING: Use Virtual Private Networks (VPNs) for any required remote access to SIDIS Prime