Multiple Vulnerabilities in SIDIS Prime before V4.0.400
Act Now | 7.5 | SSA-108696 | Feb 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIDIS Prime before V4.0.400 contains multiple vulnerabilities in OPC UA and OpenSSL components (CWE-330, CWE-476, CWE-835). An unauthenticated attacker with network access can reuse OPC UA client credentials, create denial of service conditions in the OPC UA client, or create denial of service conditions in the TLS service.
What this means
What could happen
An attacker on your network could reuse OPC UA client credentials to access process data and control communications, or crash the OPC UA client and TLS service, disrupting communication between your SIDIS Prime system and connected industrial devices.
Who's at risk
Water authorities and utilities using Siemens SIDIS Prime for SCADA data integration and process monitoring. This affects any facility relying on OPC UA communications between SIDIS Prime and PLCs, RTUs, or historian systems for real-time operational visibility.
How it could be exploited
An attacker on the network where SIDIS Prime is installed sends specially crafted network packets to the OPC UA or TLS service. No authentication is required. A successful attack makes the client credentials reusable or crashes the OPC UA client or TLS service, stopping communications with control systems.
Prerequisites
- Network access to SIDIS Prime OPC UA service port
- Network access to SIDIS Prime TLS service port
- No authentication required
remotely exploitable, no authentication required, low complexity, high EPSS score (67.3%), affects communications and monitoring systems
Exploitability
High exploit probability (EPSS 67.3%)
Affected products (1)
Product | Affected Versions | Fix Status
SIDIS Prime | <V4.0.400 | 4.0.400
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update SIDIS Prime to version 4.0.400 or later