PatchSiren cyber security CVE debrief
CVE-2022-21658 Siemens CVE debrief
CVE-2022-21658 is a race-condition flaw described in the supplied Siemens/CISA advisory for SIDIS Prime. The issue involves Rust’s std::fs::remove_dir_all and can let a local attacker influence a privileged deletion operation so files or directories outside the intended scope are removed. Siemens’ advisory recommends updating SIDIS Prime to V4.0.700 or later. The advisory was published on 2025-04-08 and revised on 2025-05-06; those dates are advisory timing only and not the original issue date.
- Vendor: Siemens
- Product: SIDIS Prime
- CVSS: 7.3 (High)
- CISA KEV: not listed in stored evidence
- Original CVE published: 2025-04-08 (date carried by the stored record; the flaw itself was disclosed upstream in 2022, with the fix shipped in Rust 1.58.1)
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-08
- Advisory updated: 2025-05-06
Who should care
Siemens SIDIS Prime operators, OT administrators, system integrators, and security teams responsible for deployments that run the product under privileged or service accounts should prioritize this issue. The risk is highest where the product, or maintenance tasks built around it, delete directory trees in which a less-privileged local user can create, rename, or replace entries: that is the foothold a symlink race needs.
Technical summary
The advisory describes a CWE-363 race condition (a race that enables link following) in Rust's std::fs::remove_dir_all. The function checks what kind of entry it is looking at and then descends into subdirectories by path; a local attacker who can create or rename entries in the tree being deleted can replace a subdirectory with a symbolic link between the check and the descent, so the recursion follows the link and a privileged program removes files or directories outside the tree it was asked to delete. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H (7.3, High): local access and low privileges are required, but the scope change and the availability impact reflect that the damage lands outside the attacker's own files. For Siemens SIDIS Prime, the provided remediation is to update to V4.0.700 or later. The advisory also states that adding pre-checks before calling remove_dir_all does not eliminate the race condition: any check performed by path can be invalidated before the path is used, which is why the upstream fix instead works relative to open directory descriptors and refuses to follow links.
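The following is an added example, not code from the Siemens/CISA advisory or from the Rust project. It reproduces the race deterministically: a recursive delete written in the pre-1.58.1 style (check the entry type, then descend by path), an attacker hook that swaps the subdirectory `sub` for a symlink inside the check-to-use window, and a hardened delete that addresses every child through the open file descriptor of its parent and rejects links with `O_NOFOLLOW`. It is Linux-only (it lists an open directory through `/proc/self/fd/N` as a std-only stand-in for `openat(2)`/`unlinkat(2)`), and the `O_*` constants, the fixture paths under the temp directory, and the names `target`, `sub`, and `victim` are assumptions made for the demonstration.

```rust
// Added example (not from the advisory or the Rust project). Linux-only: needs
// /proc; O_NOFOLLOW/O_DIRECTORY values are hand-copied for x86_64/aarch64.
use std::fs;
use std::io;
use std::os::unix::fs::{symlink, OpenOptionsExt};
use std::os::unix::io::AsRawFd;
use std::path::{Path, PathBuf};

const O_NOFOLLOW: i32 = 0o400000; // assumed Linux asm-generic value
const O_DIRECTORY: i32 = 0o200000; // assumed Linux asm-generic value

/// Racy delete: the type check and the recursive descent both resolve the path,
/// so a symlink swapped in between them is followed. `attacker` runs in that window.
fn racy_remove_dir_all(dir: &Path, attacker: &mut dyn FnMut(&Path)) -> io::Result<()> {
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let path = entry.path();
        if entry.file_type()?.is_dir() {          // time of check
            attacker(&path);                       // attacker's window
            racy_remove_dir_all(&path, attacker)?; // time of use: read_dir follows the link
        } else {
            fs::remove_file(&path)?;
        }
    }
    fs::remove_dir(dir)
}

/// O_NOFOLLOW|O_DIRECTORY: open fails with ELOOP if the final component is a symlink.
fn open_dir_nofollow(path: &Path) -> io::Result<fs::File> {
    fs::OpenOptions::new().read(true).custom_flags(O_NOFOLLOW | O_DIRECTORY).open(path)
}

/// Hardened delete: children are addressed through the parent's open fd (via the
/// /proc/self/fd/N magic link), so renaming the original path changes nothing and a
/// link swapped in after the type check is unlinked as a link, never followed.
fn remove_children(dir: &fs::File, attacker: &mut dyn FnMut(&Path)) -> io::Result<()> {
    let via_fd = PathBuf::from(format!("/proc/self/fd/{}", dir.as_raw_fd()));
    for entry in fs::read_dir(&via_fd)? {
        let entry = entry?;
        let child = via_fd.join(entry.file_name());
        if entry.file_type()?.is_dir() {
            attacker(&child); // same window as above
            match open_dir_nofollow(&child) {
                Ok(child_dir) => {
                    remove_children(&child_dir, attacker)?;
                    fs::remove_dir(&child)?; // rmdir of an open dir is fine on Linux
                }
                Err(_) => fs::remove_file(&child)?, // now a symlink: remove the link itself
            }
        } else {
            fs::remove_file(&child)?;
        }
    }
    Ok(())
}

fn hardened_remove_dir_all(dir: &Path, attacker: &mut dyn FnMut(&Path)) -> io::Result<()> {
    let root = open_dir_nofollow(dir)?;
    remove_children(&root, attacker)?;
    fs::remove_dir(dir)
}

/// Constructed fixture: target/sub/junk.txt is the intended deletion,
/// victim/important.txt is what the attacker wants removed.
fn setup(tag: &str) -> (PathBuf, PathBuf) {
    let base = std::env::temp_dir()
        .join(format!("cve-2022-21658-demo-{}-{}", std::process::id(), tag));
    let _ = fs::remove_dir_all(&base);
    let (target, victim) = (base.join("target"), base.join("victim"));
    fs::create_dir_all(target.join("sub")).unwrap();
    fs::write(target.join("sub/junk.txt"), b"junk").unwrap();
    fs::create_dir_all(&victim).unwrap();
    fs::write(victim.join("important.txt"), b"keep me").unwrap();
    (target, victim)
}

/// Attacker's move: once the deleter has decided `sub` is a directory, replace it
/// with a symlink to the victim directory.
fn swap_sub_for_symlink(victim: PathBuf) -> impl FnMut(&Path) {
    move |p: &Path| {
        if p.file_name().map_or(false, |n| n == "sub") {
            let _ = fs::remove_dir_all(p);
            let _ = symlink(&victim, p);
        }
    }
}

/// True if victim/important.txt survived the racy delete (it does not).
pub fn victim_survives_racy() -> bool {
    let (target, victim) = setup("racy");
    let _ = racy_remove_dir_all(&target, &mut swap_sub_for_symlink(victim.clone()));
    let survived = victim.join("important.txt").exists();
    let _ = fs::remove_dir_all(victim.parent().unwrap());
    survived
}

/// True if the victim survived and the target tree was still removed (it is).
pub fn victim_survives_hardened() -> bool {
    let (target, victim) = setup("hardened");
    hardened_remove_dir_all(&target, &mut swap_sub_for_symlink(victim.clone())).unwrap();
    let ok = victim.join("important.txt").exists() && !target.exists();
    let _ = fs::remove_dir_all(victim.parent().unwrap());
    ok
}
```

The racy variant errors on its final `rmdir` (the symlink is not a directory), but only after the victim's file is already gone; that is the order of events a pre-check cannot change. The hardened variant's `open_dir_nofollow` call is the check-and-use in one atomic step: the kernel either hands back a descriptor for a real directory or refuses the link.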
Defensive priority
High
Recommended defensive actions
- Upgrade Siemens SIDIS Prime to V4.0.700 or later.
- Prioritize remediation on systems where SIDIS Prime runs with elevated privileges or handles attacker-controlled paths.
- Review workflows that delete directories and treat pre-delete path checks as insufficient protection against race conditions.
- Apply least-privilege service design so a successful local manipulation has limited impact.
- Restrict write access and symlink creation opportunities in directories processed by privileged maintenance tasks.
- Use the Siemens and CISA advisory references for product-specific deployment guidance and confirmation of the fixed release.
Evidence notes
The supplied corpus states that Rust’s std::fs::remove_dir_all is vulnerable to a race condition enabling symlink following, and that this can cause a privileged program to delete inaccessible files or directories. It also states that Rust 1.58.1 contains the upstream patch, while the Siemens advisory’s product remediation for SIDIS Prime is V4.0.700 or later. The advisory was published on 2025-04-08 and revised on 2025-05-06 for typos.
Official resources
- CVE-2022-21658 CVE record (CVE.org)
- CVE-2022-21658 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Public advisory context in the supplied corpus begins with publication on 2025-04-08 and a revision on 2025-05-06. This debrief uses those advisory dates for timing context only and does not treat them as the original flaw’s creation date.