Multiple Vulnerabilities in SIDIS Prime Before V4.0.800
Plan Patch8.7SSA-485750Mar 10, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
SIDIS Prime before V4.0.800 contains multiple vulnerabilities in third-party components including OpenSSL, SQLite, and Node.js packages. These vulnerabilities span input validation weaknesses (CWE-20), improper certificate validation (CWE-295), buffer overflows (CWE-787), path traversal (CWE-22), command injection (CWE-78), and cryptographic weaknesses (CWE-330). The vulnerabilities enable remote attackers without valid credentials to compromise system confidentiality and integrity. Siemens has released version 4.0.800 which addresses these issues.
What this means
What could happen
An attacker with network access could exploit multiple vulnerabilities in SIDIS Prime to gain unauthorized access, modify system data, or bypass security controls. This could lead to unauthorized changes to supervision parameters, data manipulation, or system compromise.
Who's at risk
Organizations using Siemens SIDIS Prime for system supervision and control, particularly in process industries and manufacturing, should prioritize this update. SIDIS Prime is commonly deployed as a supervision station for industrial automation systems.
How it could be exploited
An attacker could leverage network-accessible vulnerabilities in OpenSSL, SQLite, or Node.js components to bypass authentication, conduct man-in-the-middle attacks on encrypted communications, or exploit input validation weaknesses. The attack requires network access to the SIDIS Prime system but does not require valid credentials or user interaction.
Prerequisites
- Network access to SIDIS Prime system
- SIDIS Prime version prior to 4.0.800
remotely exploitableno authentication requiredmultiple vulnerability typesaffects control system supervisionhigh CVSS score (8.7)
Exploitability
Moderate exploit probability (EPSS 1.4%)
Affected products (1)
ProductAffected VersionsFix Status
SIDIS Prime< 4.0.8004.0.800
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate SIDIS Prime to version 4.0.800 or later
CVEs (23)
CVE-2024-29857CVE-2024-30171CVE-2024-30172CVE-2024-41996CVE-2025-6965CVE-2025-7783CVE-2025-9230CVE-2025-9232CVE-2025-9670CVE-2025-12816CVE-2025-15284CVE-2025-58751CVE-2025-58752CVE-2025-58754CVE-2025-62522CVE-2025-64718CVE-2025-64756CVE-2025-66030CVE-2025-66031CVE-2025-66035CVE-2025-66412CVE-2025-69277CVE-2026-22610
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/9a3f89d4-46db-425d-b220-b95fb3af6131