OTPulse

Siemens SIDIS Prime

Plan Patch | 8.7 | ICS-CERT ICSA-26-071-03 | Mar 12, 2026
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

SIDIS Prime versions before 4.0.800 are affected by multiple vulnerabilities in bundled third-party components including OpenSSL, SQLite, and Node.js packages. The vulnerabilities span multiple CWE categories including buffer overflows (CWE-125, CWE-787), inadequate encryption validation (CWE-295), improper input validation (CWE-20), command injection (CWE-78), path traversal (CWE-22), and others. Siemens has released version 4.0.800 to address these issues.

What this means
What could happen
An attacker with network access to SIDIS Prime could exploit these vulnerabilities to execute arbitrary code, modify data, or bypass authentication controls on manufacturing operations systems that depend on SIDIS Prime for configuration or monitoring. This could result in unauthorized changes to production parameters, system downtime, or data loss.
Who's at risk
Manufacturing operations that use Siemens SIDIS Prime for production system configuration, monitoring, or control. This includes facility operators, process engineers, and IT staff responsible for manufacturing execution systems (MES) and industrial automation infrastructure.
How it could be exploited
An attacker on the network segment containing SIDIS Prime could send specially crafted network requests to vulnerable OpenSSL, SQLite, or Node.js libraries running within SIDIS Prime to trigger buffer overflows, authentication bypass, or command injection. Depending on the specific vulnerability exploited, this could lead to remote code execution on the SIDIS Prime system with the privileges of the application process.
Prerequisites
  • Network access to SIDIS Prime on the port(s) it listens on (typically HTTP/HTTPS)
  • SIDIS Prime version before 4.0.800 installed and running
remotely exploitable · affects manufacturing systems · multiple vulnerabilities in third-party components · low exploit probability but high CVSS score
Exploitability
Moderate exploit probability (EPSS 1.4%)
Affected products (1)
Product | Affected Versions | Fix Status
SIDIS Prime | < 4.0.800 | 4.0.800
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to SIDIS Prime from non-manufacturing systems using firewall rules; block inbound access from the internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
  • HOTFIX: Update SIDIS Prime to version 4.0.800 or later
Long-term hardening
  • HARDENING: Locate SIDIS Prime behind a network perimeter firewall and isolate the manufacturing network from business/office networks
  • HARDENING: If remote access to SIDIS Prime is required, implement a VPN connection and keep the VPN software updated
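
An added example (not part of the advisory and not Siemens tooling): a triage script that applies the 4.0.800 version threshold and the network-restriction steps above to an asset inventory. The inventory schema, hostnames, the 10.20.0.0/16 manufacturing range and the dotted numeric version format are constructed assumptions.

```python
import ipaddress
import re

FIXED = (4, 0, 800)  # first fixed SIDIS Prime release per the advisory
# Assumption: the manufacturing network range; replace with your own.
MANUFACTURING_NET = ipaddress.ip_network("10.20.0.0/16")

def parse_version(text):
    """Turn '4.0.800' or 'V4.0.79' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(text):
    """True if below 4.0.800. Unparseable versions are treated as vulnerable."""
    v = parse_version(text)
    if v is None:
        return True
    # Compare numerically: as strings, '4.0.1000' would sort below '4.0.800'.
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(FIXED)

def exposed(allowed_sources):
    """True if any permitted source range reaches outside the manufacturing net."""
    for cidr in allowed_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != MANUFACTURING_NET.version or not net.subnet_of(MANUFACTURING_NET):
            return True
    return False

def triage(host):
    """Map one inventory record to the advisory's remediation steps."""
    actions = []
    if exposed(host["allowed_sources"]):
        actions.append("restrict-access")      # workaround / hardening
    if is_vulnerable(host["version"]):
        actions.append("update-to-4.0.800")    # needs a maintenance window
    return actions

# Constructed sample inventory (hypothetical schema; all values are made up).
INVENTORY = [
    {"name": "sidis-a", "version": "4.0.79", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "sidis-b", "version": "4.0.1000", "allowed_sources": ["10.20.5.0/24"]},
    {"name": "sidis-c", "version": "V4.0.800", "allowed_sources": ["10.20.0.0/16", "192.168.1.0/24"]},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], triage(h) or ["no-action"])
```

Here `allowed_sources` is taken to be the list of source ranges the firewall permits to reach the host's listener; populate it from your own rule export.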