Siemens SIDIS Prime

Plan Patch | CVSS 8.7 | ICS-CERT ICSA-25-100-02 | Apr 8, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

SIDIS Prime versions before 4.0.700 contain multiple unpatched vulnerabilities in embedded third-party libraries: OpenSSL, SQLite, Boost C++ Libraries, and Microsoft components. These vulnerabilities could enable remote code execution, information disclosure, or authentication bypass depending on the specific library and attack vector. Siemens has released version 4.0.700 with fixes for these issues and recommends immediate updating to this version or later.

What this means
What could happen
Multiple unpatched vulnerabilities in third-party libraries (OpenSSL, SQLite, Boost) could allow an attacker with network access to execute code on SIDIS Prime or extract sensitive information, potentially compromising automation system visibility and control.
Who's at risk
SIDIS Prime users in water utilities, electric utilities, and other critical infrastructure that rely on this automation system for SCADA visibility and operations. SIDIS Prime versions before 4.0.700 are affected. Any deployment exposed to untrusted networks or accessed remotely without proper controls is at higher risk.
How it could be exploited
An attacker on the network could exploit these library vulnerabilities through crafted input to the SIDIS Prime service. Depending on which library is targeted (OpenSSL for encryption/authentication, SQLite for database operations, Boost for processing), the attacker could bypass security controls, read database contents, or execute arbitrary code on the system.
Prerequisites
  • Network connectivity to SIDIS Prime service
  • No authentication required for exploitation of certain library functions
remotely exploitable, no authentication required for some attacks, affects automation system, affects network-connected infrastructure device
Exploitability
Some exploitation risk — EPSS score 5.1%
Public Proof-of-Concept (PoC) on GitHub (2 repositories)
Affected products (1)
Product | Affected Versions | Fix Status
SIDIS Prime | <V4.0.700 | 4.0.700
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SIDIS Prime using firewall rules to allow connections only from authorized engineering workstations and control system networks
HARDENING: Isolate SIDIS Prime behind a firewall from business networks and block internet-facing access to the system
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIDIS Prime to version 4.0.700 or later
HARDENING: Require VPN for any remote access to SIDIS Prime and ensure VPN is kept current with the latest security patches