SIEMENS SIDIS Prime is affected by multiple vulnerabilities in OpenSSL, SQLite and several Node[.]js packages, with Siemens releasing a new version and advising users to update to the latest SIDIS Prime release (V4.0.800 or later). The advisory lists numerous CVEs, including CVE-2024-29857, CVE-2024-30171, CVE-2024-30172 and others up to CVE-2026-22610, each carrying varying base scores from medium to high and targeting issues such as out-of-bounds reads, memory exhaustion and prototype pollution.
Affected versions are SIDIS Prime prior to V4.0.800, and remediation consistently calls for updating to V4.0.800 or later. The advisory notes that Siemens ProductCERT reported these vulnerabilities to CISA, with the information republished by CISA as an ICS Advisory (ICSA-26-071-03) on 12 March 2026. According to Siemens’ publication, the risks span cross-cutting weaknesses including input validation, certificate validation, and various memory and resource exhaustion issues. Vendors and customers are urged to minimise exposure and apply the updated version to mitigate these vulnerabilities.