PatchSiren cyber security CVE debrief
CVE-2023-4807 Siemens CVE debrief
CVE-2023-4807 is a product-specific OpenSSL-related bug affecting Siemens SIDIS Prime deployments on Windows 64 when running on newer x86_64 processors that support AVX512-IFMA. The issue can corrupt application state because the POLY1305 path does not restore non-volatile XMM registers before returning, instead zeroing them. Impact depends on how the calling application uses those registers and whether an attacker can influence use of POLY1305/CHACHA20-POLY1305; vendor guidance says the most likely outcomes are incorrect results or a crash, and Siemens notes it is not aware of a concrete affected application.
- Vendor: Siemens
- Product: SIDIS Prime
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-08
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-08
- Advisory updated: 2025-05-06
Who should care
Siemens SIDIS Prime operators, Windows 64 administrators, and developers who deploy SIDIS Prime or similar OpenSSL-based applications on AVX512-IFMA-capable x86_64 systems, especially where client input can influence whether CHACHA20-POLY1305 is negotiated or used.
Technical summary
The vulnerable code path is the OpenSSL POLY1305 MAC implementation used by SIDIS Prime. On Windows 64, for MAC calculations over 64 bytes on CPUs supporting AVX512-IFMA, the implementation fails to save and restore non-volatile XMM registers; before returning, the registers are zeroized instead of restored. Because the corruption affects internal application state rather than allowing attacker-controlled register contents, consequences are application-dependent and may range from no visible effect to incorrect computation, crash, or other process-level instability. The vendor states the FIPS provider is not affected.
Defensive priority
Medium
Recommended defensive actions
- Update Siemens SIDIS Prime to version V4.0.700 or later.
- If an immediate update is not possible, disable AVX512-IFMA support at runtime using the vendor-recommended OPENSSL_ia32cap=:~0x200000 setting.
- Inventory Windows 64 deployments that use OpenSSL on AVX512-IFMA-capable x86_64 processors and identify where clients can influence POLY1305 or CHACHA20-POLY1305 use.
- Validate application behavior after remediation, with attention to crashes or incorrect results that could indicate prior register-state dependency.
- Track the Siemens and CISA advisories for any follow-up guidance or scope clarification.
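The inventory and workaround checks above can be scripted. The following is an added example, not code from Siemens, CISA or OpenSSL: it classifies an OPENSSL_ia32cap environment value by what it does to the AVX512-IFMA bit (0x200000, bit 21 of the CPUID leaf-7 EBX vector) and triages host records. It assumes the two-field syntax used in the advisory's value (a second, colon-separated leaf-7 field, with `~` meaning "clear these bits"); the host records, their field names and the V4.0.600 version string are constructed for illustration.

```python
AVX512_IFMA = 1 << 21   # 0x200000 = CPUID.(EAX=7,ECX=0):EBX bit 21
FIXED = (4, 0, 700)     # first fixed SIDIS Prime version per the advisory

def classify_ia32cap(value):
    """How does an OPENSSL_ia32cap string treat the AVX512-IFMA bit?"""
    if not value or not value.strip():
        return "unset"                      # workaround not applied
    fields = value.strip().split(":")
    if len(fields) < 2:
        return "no_leaf7_field"             # differs from the advisory's value
    field = fields[1]
    clear = field.startswith("~")           # '~' clears the listed bits
    try:
        bits = int(field[1:] if clear else field, 0)  # hex (0x..) or decimal
    except ValueError:
        return "invalid"
    if clear:
        return "cleared" if bits & AVX512_IFMA else "still_enabled"
    # Without '~' the field replaces the detected vector outright.
    return "still_enabled" if bits & AVX512_IFMA else "cleared"

def parse_version(text):
    return tuple(int(part) for part in text.lstrip("Vv").split("."))

def triage(host):
    """Return patched / not_exposed / mitigated / exposed:<reason>."""
    if parse_version(host["sidis_version"]) >= FIXED:
        return "patched"
    if not host["avx512_ifma"]:
        return "not_exposed"                # affected code path needs this CPU feature
    state = classify_ia32cap(host.get("ia32cap"))
    return "mitigated" if state == "cleared" else "exposed:" + state

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"name": "hmi-01", "sidis_version": "V4.0.700", "avx512_ifma": True,  "ia32cap": None},
    {"name": "hmi-02", "sidis_version": "V4.0.600", "avx512_ifma": True,  "ia32cap": ":~0x200000"},
    {"name": "hmi-03", "sidis_version": "V4.0.600", "avx512_ifma": True,  "ia32cap": ":~0x20"},
    {"name": "hmi-04", "sidis_version": "V4.0.600", "avx512_ifma": False, "ia32cap": None},
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(host["name"], triage(host))
```

A value such as `:~0x20` or one missing the leading colon is reported as exposed, which catches a workaround that was typed incorrectly or set for a different CPU feature.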
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-100-02 and Siemens advisory SSA-277137, both published on 2025-04-08 and revised on 2025-05-06 for typo fixes. The source states the issue is a POLY1305/OpenSSL bug on Windows 64 with AVX512-IFMA-capable x86_64 CPUs, recommends updating to V4.0.700 or later, and provides the OPENSSL_ia32cap workaround. The vendor notes that no concrete affected application is currently known, that the FIPS provider is not affected, and that practical impact is most likely incorrect results or denial of service. The supplied CVE metadata assigns CVSS 3.1 7.8/HIGH, while the vendor advisory characterizes real-world severity as low due to the narrow and application-dependent impact.
Official resources
- CVE-2023-4807 CVE record (CVE.org)
- CVE-2023-4807 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-04-08 via Siemens and CISA advisories; CISA revised the advisory on 2025-05-06 for typo fixes.