Critical Siemens SIDIS Prime Update Required: Addressing High-Risk OpenSSL and Node.js Vulnerabilities

Security Arsenal Team
March 22, 2026

Industrial control systems (ICS) and operational technology (OT) environments face a persistent threat from supply chain vulnerabilities. Recently, Siemens released a critical security advisory for their SIDIS Prime software, a solution widely used for data management and visualization in industrial settings. The advisory reveals that versions prior to V4.0.800 are susceptible to multiple high-severity vulnerabilities stemming from third-party components, specifically OpenSSL, SQLite, and various Node.js packages.

For defenders and security operations teams, this highlights the ongoing challenge of managing dependencies in OT software. While the core application might function correctly, the underlying libraries can provide an entry point for attackers if left unpatched. With a CVSS v3 score of 8.7, these vulnerabilities are rated as High severity and require immediate attention to prevent potential remote code execution or denial of service conditions within critical infrastructure environments.

Technical Analysis

The vulnerability cluster tracked under this advisory affects Siemens SIDIS Prime versions before V4.0.800. The root causes are not within Siemens' proprietary code but within the open-source libraries the software utilizes:

  • OpenSSL: Vulnerabilities in OpenSSL could potentially allow remote attackers to cause a denial of service or, in specific scenarios, execute arbitrary code.
  • Node.js Packages: Several Node.js packages contain vulnerabilities that could lead to prototype pollution, denial of service, or unauthorized access.
  • SQLite: Issues in the SQLite database component could allow for memory corruption or heap overflow.

The advisory lists a significant number of CVEs, including CVE-2024-29857, CVE-2025-6965, CVE-2025-9230, and CVE-2026-22610, among others. The aggregate CVSS score of 8.7 reflects the potential impact of these flaws, particularly if an attacker can exploit them across a network boundary.

Siemens has addressed these issues by releasing SIDIS Prime V4.0.800. There are currently no known workarounds other than updating the software, making the application of this patch the only effective mitigation strategy.

Defensive Monitoring

To assist security teams in identifying vulnerable instances within their environment, we have provided the following detection and verification queries. These tools will help you enumerate installations of SIDIS Prime and check their version status against the fixed release (V4.0.800).

Microsoft Sentinel / Defender KQL Query

Use this query in Microsoft Sentinel or Microsoft Defender for Endpoint to search for vulnerable versions of the software in your inventory data.

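// Identify devices running vulnerable versions of Siemens SIDIS Prime
// Vendor and product are separate columns, and inventory names may not match
// the installer's display name exactly, so match loosely.
DeviceTvmSoftwareInventory
| where SoftwareVendor has "siemens" and SoftwareName contains "sidis"
// parse_version() compares numerically; a plain string comparison would
// rank "4.0.1000" below "4.0.800".
| where parse_version(SoftwareVersion) < parse_version("4.0.800")
| project DeviceName, OSPlatform, SoftwareVendor, SoftwareName, SoftwareVersion
| order by DeviceName asc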

PowerShell Verification Script (Windows)

This PowerShell script checks the Windows Registry for installed Siemens SIDIS Prime software and compares the version against the secure baseline.

# Check for Siemens SIDIS Prime installation and version

$VulnerableThreshold = [version]"4.0.800"
$RegPaths = @(
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*",
    "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
)

$FoundSoftware = $false

foreach ($Path in $RegPaths) {
    $Software = Get-ItemProperty $Path -ErrorAction SilentlyContinue | 
                Where-Object { $_.DisplayName -like "*SIDIS Prime*" }
    
    if ($Software) {
        $FoundSoftware = $true
        foreach ($App in $Software) {
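            # DisplayVersion can be missing or non-numeric; a direct [version] cast would throw
            $CurrentVersion = $null
            if (-not ([version]::TryParse([string]$App.DisplayVersion, [ref]$CurrentVersion))) {
                Write-Host "[UNKNOWN] Found: $($App.DisplayName)" -ForegroundColor Yellow
                Write-Host "  Unparseable version: '$($App.DisplayVersion)' - verify manually`n"
                continue
            }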
            if ($CurrentVersion -lt $VulnerableThreshold) {
                Write-Host "[VULNERABLE] Found: $($App.DisplayName)" -ForegroundColor Red
                Write-Host "  Installed Version: $($App.DisplayVersion)"
                Write-Host "  Install Location: $($App.InstallLocation)"
                Write-Host "  Fix Required: Update to V4.0.800 or later`n"
            } else {
                Write-Host "[OK] Found: $($App.DisplayName)" -ForegroundColor Green
                Write-Host "  Version: $($App.DisplayVersion)`n"
            }
        }
    }
}

if (-not $FoundSoftware) {
    Write-Host "Siemens SIDIS Prime was not found in the registry."
}

Bash Verification Script (Linux)

If your deployment utilizes a Linux-based environment, use this script to search for the application binaries or configuration files.

#!/bin/bash

# Search for SIDIS Prime installation directories
# Note: Adjust paths based on your specific deployment configuration

echo "Scanning for Siemens SIDIS Prime installations..."

# Common installation paths for industrial software
SEARCH_PATHS=("/opt" "/usr/local" "/home")
FOUND=0

for dir in "${SEARCH_PATHS[@]}"; do
    if [ -d "$dir" ]; then
        # Search for directories or executables containing 'sidis'
        while IFS= read -r -d '' file; do
            echo "Potential installation found at: $file"
            FOUND=1
        done < <(find "$dir" -iname "*sidis*" -print0 2>/dev/null)
    fi
done

if [ $FOUND -eq 0 ]; then
    echo "No SIDIS Prime installations found in standard paths."
else
    # Plain echo does not expand "\n" in bash, so print the blank line separately
    echo
    echo "Please manually verify the version of the identified installations."
    echo "Ensure the version is 4.0.800 or higher."
fi

Remediation

Organizations utilizing Siemens SIDIS Prime must take immediate action to secure their OT environments. Follow these steps for remediation:

  1. Update Immediately: Siemens has released version V4.0.800 to address these vulnerabilities. Download and apply this update to all affected instances as soon as possible. This is the only confirmed mitigation for the identified CVEs.

  2. Verify Patch Installation: After updating, run the verification scripts provided above or review your asset inventory to confirm that the version reported is now 4.0.800 or later.

  3. Review Network Segmentation: If immediate patching is not possible due to operational downtime requirements, ensure that the system is isolated behind a firewall and not directly accessible from the internet or untrusted networks. Restrict access to known management stations only.

  4. Monitor for Anomalies: Until all systems are patched, increase monitoring around SIDIS Prime endpoints for unusual traffic spikes, unexpected process execution, or signs of denial of service.
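
For step 2, the following added example (not from Siemens or the original article) classifies an exported inventory list against the fixed release using numeric version ordering rather than string comparison. The host,version column layout, the host names and the reliance on GNU sort -V are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: host names and the "host,version" layout are constructed.
FIXED_VERSION="4.0.800"

# Strip whitespace and an optional leading V/v ("V4.0.800" -> "4.0.800").
normalize_version() {
    printf '%s' "$1" | tr -d '[:space:]' | sed 's/^[vV]//'
}

# Echo VULNERABLE, OK or UNKNOWN for one version string.
classify_version() {
    local v lowest
    v=$(normalize_version "$1")
    # Anything that is not dotted decimal cannot be compared safely.
    if ! printf '%s' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*$'; then
        echo "UNKNOWN"
        return
    fi
    # sort -V orders each field numerically, so 4.0.1000 sorts after 4.0.800.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$v" != "$FIXED_VERSION" ] && [ "$lowest" = "$v" ]; then
        echo "VULNERABLE"
    else
        echo "OK"
    fi
}

# Read "host,version" rows on stdin; print "host,version,status" per row.
triage_inventory() {
    local host version
    while IFS=, read -r host version; do
        if [ -z "$host" ]; then continue; fi
        printf '%s,%s,%s\n' "$host" "$version" "$(classify_version "$version")"
    done
}

# Constructed sample export (not real hosts).
sample_inventory() {
    cat <<'EOF'
hmi-01,4.0.799
hmi-02,V4.0.800
eng-ws-03,4.0.1000
hist-04,3.9
line-05,
EOF
}
sample_inventory | triage_inventory
```

Rows reported as UNKNOWN have a missing or non-numeric version and need the manual check described above.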
