PatchSiren cyber security CVE debrief
CVE-2024-41996 Siemens CVE debrief
CVE-2024-41996 is a remote, unauthenticated availability issue in Siemens SIDIS Prime. A client can influence Diffie-Hellman negotiation in a way that causes unnecessarily expensive server-side modular-exponentiation work when the server is configured to allow DHE and validate public-key order. The practical risk is asymmetric resource consumption that can degrade service availability.
- Vendor
- Siemens
- Product
- SIDIS Prime
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-28
- Original CVE updated
- 2026-02-25
- Advisory published
- 2026-01-28
- Advisory updated
- 2026-02-25
Who should care
Administrators and operators of Siemens SIDIS Prime installations, especially those exposing DHE-enabled services in industrial or other networked environments. Security teams responsible for availability, network segmentation, and patch management should prioritize this issue.
Technical summary
According to the supplied Siemens/CISA advisory material, the flaw arises from validating the order of public keys in the Diffie-Hellman Key Agreement Protocol when an approved safe prime is used. A remote client that insists on DHE can induce expensive server-side DHE modular-exponentiation calculations, creating a denial-of-service style availability impact. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which aligns with a network-reachable, unauthenticated, availability-only condition.
Defensive priority
High. The issue is remotely reachable, requires no privileges, and impacts availability. Siemens provides a fix, so exposed SIDIS Prime deployments should be prioritized for patching and hardening.
Recommended defensive actions
- Update Siemens SIDIS Prime to V4.0.800 or later, as recommended in the supplied advisory.
- Confirm whether any SIDIS Prime services exposed to untrusted networks use DHE and review those interfaces first.
- Apply ICS network segmentation and access controls to reduce exposure of affected services to client-initiated traffic.
- Monitor for unusual connection patterns and resource spikes that could indicate repeated expensive handshake attempts.
- Use the Siemens and CISA advisory guidance and verify the remediation in a planned maintenance window before returning systems to service.
Evidence notes
The supplied source corpus identifies Siemens SIDIS Prime as the affected product and lists the affected version range as vers:intdot/<4.0.800. The remediation explicitly states: update to V4.0.800 or later. CISA's CSAF advisory ICSA-26-071-03 is published 2026-03-10 and republished 2026-03-12 to incorporate Siemens ProductCERT advisory SSA-485750. The supplied CVSS vector indicates network attack, no privileges, no user interaction, and availability impact only. No KEV entry is present in the supplied data.
Official resources
-
CVE-2024-41996 CVE record
CVE.org
-
CVE-2024-41996 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2026-03-10 in CISA ICS Advisory ICSA-26-071-03, with a 2026-03-12 CISA republication that incorporated Siemens ProductCERT advisory SSA-485750.