PatchSiren cyber security CVE debrief

CVE-2024-30171 Siemens CVE debrief

CISA’s Siemens SIDIS Prime advisory for CVE-2024-30171 describes a timing-based leakage issue in the Bouncy Castle Java TLS API and JSSE Provider before 1.78. The concern is exception-processing timing during RSA-based handshakes, and Siemens maps remediation to SIDIS Prime V4.0.800 or later.

Vendor: Siemens
Product: SIDIS Prime
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-03-12
Advisory published: 2026-03-10
Advisory updated: 2026-03-12

Who should care

Organizations running Siemens SIDIS Prime, especially operators, OT administrators, and security teams responsible for systems that use TLS and RSA handshakes and may still be on versions earlier than 4.0.800.

Technical summary

The supplied advisory text ties CVE-2024-30171 to a timing-leakage condition in Bouncy Castle Java TLS API and JSSE Provider versions before 1.78. During RSA-based handshakes, exception processing may reveal timing differences that can leak information. In the Siemens SIDIS Prime advisory, CISA lists affected versions as before 4.0.800 and the vendor remediation as V4.0.800 or later.
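
To illustrate the class of issue described above, the following Java sketch is an added example, not code from Bouncy Castle, Siemens or the advisory. It contrasts a PKCS#1 v1.5 unpadding step that throws on a malformed block with one that selects a pre-drawn random fallback without branching, the handling RFC 5246 section 7.4.7.1 recommends; the class and method names and the 256-byte block are assumptions made for the example.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class PremasterSelect {
    static final int PMS_LEN = 48; // TLS RSA premaster secret length

    // Leak-prone shape: a malformed block exits early and builds an exception.
    static byte[] unpadThrowing(byte[] em) {
        int sep = em.length - PMS_LEN - 1;
        boolean ok = em[0] == 0 && em[1] == 2 && em[sep] == 0;
        for (int i = 2; ok && i < sep; i++) ok = em[i] != 0;
        if (!ok) throw new IllegalArgumentException("bad padding");
        return Arrays.copyOfRange(em, sep + 1, em.length);
    }

    // Hardened shape: every byte is inspected for every input and nothing is
    // thrown. Assumes em is a full modulus-sized block (at least 59 bytes).
    static byte[] unpadSelect(byte[] em, byte[] fallback) {
        int sep = em.length - PMS_LEN - 1;
        int bad = (em[0] & 0xFF) | ((em[1] & 0xFF) ^ 0x02) | (em[sep] & 0xFF);
        for (int i = 2; i < sep; i++) {
            bad |= ((em[i] & 0xFF) - 1) >>> 31; // 1 only when a padding byte is zero
        }
        int mask = (bad | -bad) >> 31;          // 0 if well-formed, all ones otherwise
        byte[] out = new byte[PMS_LEN];
        for (int i = 0; i < PMS_LEN; i++) {
            out[i] = (byte) ((em[sep + 1 + i] & ~mask) | (fallback[i] & mask));
        }
        return out;
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        byte[] em = new byte[256];                // constructed block, 2048-bit key size
        rng.nextBytes(em);
        for (int i = 2; i < 207; i++) em[i] |= 1; // force nonzero padding bytes
        em[0] = 0; em[1] = 2; em[207] = 0;        // separator index: 256 - 48 - 1
        byte[] fallback = new byte[PMS_LEN];
        rng.nextBytes(fallback);                  // drawn before the block is inspected
        byte[] good = unpadSelect(em, fallback);
        System.out.println("well-formed -> real secret: "
            + Arrays.equals(good, Arrays.copyOfRange(em, 208, 256)));
        em[1] = 1;                                // constructed malformed block
        System.out.println("malformed -> fallback: "
            + Arrays.equals(unpadSelect(em, fallback), fallback));
        try { unpadThrowing(em); } catch (IllegalArgumentException e) {
            System.out.println("throwing variant took the exception path");
        }
    }
}
```

The selecting variant removes the input-dependent exception path; it does not by itself guarantee constant-time execution on a given JVM, so the vendor update remains the fix.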

Defensive priority

Medium. The supplied CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates a network-reachable confidentiality issue with high attack complexity (AC:H), so it should be patched promptly in exposed or critical deployments.

Recommended defensive actions

  • Inventory Siemens SIDIS Prime deployments and confirm whether any instances are running versions earlier than 4.0.800.
  • Update affected systems to Siemens SIDIS Prime V4.0.800 or later, as specified in the advisory.
  • Validate TLS and RSA-dependent functions after patching to ensure the update did not disrupt operational workflows.
  • Use standard ICS hardening practices such as limiting network exposure, restricting administrative access, and reviewing vendor advisories for follow-up guidance.

Evidence notes

CISA’s CSAF advisory ICSA-26-071-03 republishes Siemens ProductCERT advisory SSA-485750 and lists Siemens SIDIS Prime versions before 4.0.800 as affected, with remediation to V4.0.800 or later. The advisory description states that Bouncy Castle Java TLS API and JSSE Provider before 1.78 may leak timing information in RSA-based handshakes because of exception processing. The supplied CVSS vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, and no KEV entry is present in the provided data.

Official resources

CISA published the advisory on 2026-03-10 and republished it on 2026-03-12 from Siemens ProductCERT advisory SSA-485750.