Full Report
SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages, as described below. Siemens has released a new version of SIDIS Prime and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Siemens SIDIS Prime
## CVE Details
The Siemens SIDIS Prime product is affected by multiple vulnerabilities (OpenSSL, SQLite, and several Node.js packages). The following critical and high-severity identifiers are highlighted:
* **CVE-2025-66031:** CVSS 8.7 (High) - CWE-674: Uncontrolled Recursion
* **CVE-2025-0553:** CVSS 8.1 (High) - CWE-416: Use After Free
* **CVE-2025-66412:** CVSS 8.0 (High) - CWE-79: Stored XSS
* **CVE-2026-22610:** CVSS 8.0 (High) - CWE-79: XSS (SVG Attributes)
* **CVE-2025-66035:** CVSS 7.7 (High) - CWE-201: Sensitive Information Insertion (XSRF Leak)
* **CVE-2025-1094:** CVSS 7.5 (High) - CWE-125: Out-of-bounds Read
* **CVE-2021-3918:** CVSS 7.5 (High) - CWE-78: OS Command Injection
* **CVE-2025-66030:** CVSS 6.3 (Medium) - CWE-190: Integer Overflow
* **CVE-2025-69277:** CVSS 4.5 (Medium) - CWE-184: Incomplete Disallowed Input List
## Affected Systems
* **Products:** SIDIS Prime
* **Versions:** All versions prior to V4.0.800
* **Configurations:** Applications utilizing the internal OpenSSL, SQLite, Angular, and Node.js (node-forge, glob-parent, etc.) libraries.
## Vulnerability Description
The advisory covers a broad spectrum of flaws across third-party components integrated into SIDIS Prime:
* **Command Injection (CVE-2021-3918):** `glob-parent` fails to neutralize shell metacharacters in filenames when `shell: true` is used.
* **ASN.1 Parsing Flaws (CVE-2025-66030/31):** `node-forge` is susceptible to integer overflows in OID decoding and stack exhaustion via uncontrolled recursion in deep ASN.1 structures.
* **Web Vulnerabilities (Angular):** Multiple XSS flaws in the Angular Template Compiler due to incomplete security schemas for SVG elements and sensitive XSRF token leakage via protocol-relative URLs.
* **System Library Flaws:** Memory corruption issues in OpenSSL (Use After Free) and SQLite (Out-of-bounds Read).
## Exploitation
* **Status:** No reports of exploitation in the wild at the time of publication. No public PoC specifically for SIDIS Prime is mentioned, though component-level PoCs may exist.
* **Complexity:** Ranges from **Low** (XSS/XSRF leakage) to **High** (OpenSSL memory corruption).
* **Attack Vector:** Primarily **Network**.
## Impact
* **Confidentiality:** **High** (Credential/XSRF token leakage, arbitrary file read via command injection).
* **Integrity:** **High** (Arbitrary code execution, stored script injection).
* **Availability:** **High** (Denial of Service via stack exhaustion or application crashes).
## Remediation
### Patches
Siemens recommends updating to the following version:
* **SIDIS Prime: Update to V4.0.800 or later.**
* *Note: This update incorporates patched versions of Angular (19.2.18+), node-forge (1.3.2+), and glob-parent (11.1.0+).*
### Workarounds
* **Angular HttpClient:** Avoid using protocol-relative URLs (e.g., `//example.com`). Use hardcoded relative paths (starting with `/`) or fully qualified absolute URLs (`https://...`).
* **General:** Restrict network access to the SIDIS Prime environment to trusted users and systems only.
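One way to enforce the Angular HttpClient workaround in code review or at runtime is to classify each request URL by how the URL parser resolves it, since a prefix check for `//` misses the backslash and embedded-tab forms. This is an added example, not code from the Siemens advisory or from Angular; `APP_ORIGIN`, the function names, and the sample URLs are hypothetical.

```javascript
// Added example. APP_ORIGIN and the sample URLs are constructed placeholders.
const APP_ORIGIN = 'https://app.example.test';

// Classify a request URL the way the URL parser resolves it, not by prefix.
function classifyRequestUrl(raw, base = APP_ORIGIN) {
  const input = String(raw);
  let resolved;
  try {
    resolved = new URL(input, base);
  } catch {
    return 'invalid';
  }
  const sameOrigin = resolved.origin === new URL(base).origin;
  // The parser drops tabs/newlines and outer whitespace before parsing.
  const cleaned = input.replace(/[\t\n\r]/g, '').trim();
  if (/^[a-z][a-z0-9+.-]*:/i.test(cleaned)) {
    if (resolved.protocol !== 'https:') return 'rejected-scheme';
    return sameOrigin ? 'absolute-same-origin' : 'absolute-cross-origin';
  }
  // No scheme, yet the host changed: the input carried its own authority.
  return sameOrigin ? 'relative' : 'protocol-relative';
}

// Throws for anything other than a relative path or an absolute https URL.
function assertAllowedRequestUrl(raw, base = APP_ORIGIN) {
  const kind = classifyRequestUrl(raw, base);
  if (kind === 'relative' || kind.startsWith('absolute-')) return kind;
  throw new Error(`blocked request URL (${kind}): ${JSON.stringify(raw)}`);
}

// Returns the entries of a URL list that the guard would block.
function findBlockedUrls(urls, base = APP_ORIGIN) {
  return urls.filter((u) => {
    try { assertAllowedRequestUrl(u, base); return false; } catch { return true; }
  });
}

// Constructed sample input: one safe path, three protocol-relative variants,
// one same-origin https URL, and one plain-http URL.
const SAMPLE_URLS = [
  '/api/orders',
  '//example.com/api',
  '/\\example.com/api',
  '/\t/example.com/api',
  'https://app.example.test/api',
  'http://app.example.test/api',
];
console.log(findBlockedUrls(SAMPLE_URLS));
```
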
## Detection
* **Indicators of Compromise:** Unusual stack exhaustion errors in logs, unrecognized shell commands executed by the CI account, or unauthorized outbound requests containing `X-XSRF-TOKEN` headers.
* **Detection Methods:** Use software composition analysis (SCA) tools to verify if your SIDIS Prime installation is running vulnerable versions of the sub-components listed above.
## References
* Siemens Security Advisory SSA-485750: [https://cert-portal.siemens.com/productcert/pdf/ssa-485750.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-485750.pdf)
* Siemens ProductCERT Advisories: [https://www.siemens.com/cert/advisories](https://www.siemens.com/cert/advisories)