PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-66031 Siemens CVE debrief

CVE-2025-66031 is a high-severity denial-of-service issue affecting Siemens SIDIS Prime versions earlier than 4.0.800. According to the advisory, uncontrolled recursion in node-forge's ASN.1 (DER) parser, as used by SIDIS Prime, can be triggered by remote, unauthenticated attackers with deeply nested DER structures, leading to stack exhaustion and service disruption.

Vendor: Siemens
Product: SIDIS Prime
CVSS: 7.5 (High)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-03-12
Advisory published: 2026-03-10
Advisory updated: 2026-03-12

Who should care

Siemens SIDIS Prime operators, OT/ICS defenders, and any team whose affected SIDIS Prime deployment (<4.0.800) accepts or proxies DER/ASN.1 input from untrusted sources.

Technical summary

The advisory describes a parser recursion flaw: the ASN.1 decoder descends one call frame per nesting level of a DER element, so crafted input with many nested constructed elements (for example a SEQUENCE inside a SEQUENCE inside a SEQUENCE, repeated) drives recursion until the call stack is exhausted and the parsing process aborts. Each additional level costs the attacker only a few bytes of tag and length octets, so a small request is enough. The issue is network-reachable and requires no privileges or user interaction, which is consistent with the 7.5 score for an availability-only impact; it affects SIDIS Prime versions below 4.0.800, and Siemens lists V4.0.800 or later as the fix.
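To make the mechanism concrete, here is an added example written for this debrief; it is not code from node-forge or Siemens. It is a minimal DER tag-length-value parser run in two configurations, the unbounded-recursion shape the advisory describes and a depth-limited form, against a constructed input of nested SEQUENCE elements. The limit of 64, the 200000-level probe depth and all function names are assumptions chosen for illustration; the actual change in node-forge 1.3.2 may differ in mechanism.

```javascript
// Added illustration, not node-forge's own code: a minimal DER TLV parser in
// two configurations (unbounded recursion vs. a hard nesting limit) and a
// generator for the kind of deeply nested SEQUENCE input that separates them.

const SEQUENCE = 0x30;      // constructed, universal tag 16
const CONSTRUCTED = 0x20;   // bit 6 of the identifier octet

// Thrown by the hardened parser when nesting exceeds the configured limit.
class DepthLimitError extends Error {}

// Encode a definite-form DER length (short form below 128, long form otherwise).
function derLength(n) {
  if (n < 0x80) return [n];
  const bytes = [];
  for (let v = n; v > 0; v >>>= 8) bytes.unshift(v & 0xff);
  return [0x80 | bytes.length, ...bytes];
}

// Constructed test input: `depth` SEQUENCEs wrapped around a NULL (05 00).
// Lengths are computed innermost-first and emitted outermost-first, so a very
// deep input is produced in linear time: the cheap side of the asymmetry.
function nestedSequence(depth, payload = [0x05, 0x00]) {
  const bodyLen = new Array(depth);
  let len = payload.length;
  for (let i = depth - 1; i >= 0; i--) {
    bodyLen[i] = len;
    len += 1 + derLength(len).length;   // identifier octet + length octets
  }
  const out = [];
  for (let i = 0; i < depth; i++) out.push(SEQUENCE, ...derLength(bodyLen[i]));
  out.push(...payload);
  return Uint8Array.from(out);
}

// Parse one TLV at `offset`, recursing into constructed elements. Single-byte
// tags only, which is all the example input uses. `maxDepth = Infinity`
// reproduces the unbounded-recursion behaviour; a finite value is the fix.
function parseTLV(buf, offset, depth, maxDepth) {
  if (depth > maxDepth) throw new DepthLimitError(`nesting deeper than ${maxDepth}`);
  const tag = buf[offset];
  let pos = offset + 1;
  let len = buf[pos++];
  if (len & 0x80) {                     // long form: next n octets hold the length
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[pos++];
  }
  const end = pos + len;
  if (end > buf.length) throw new Error('truncated DER element');
  const node = { tag, length: len, children: [], end };
  if (tag & CONSTRUCTED) {
    while (pos < end) {
      const child = parseTLV(buf, pos, depth + 1, maxDepth);   // one frame per level
      node.children.push(child);
      pos = child.end;
    }
  }
  return node;
}

const parseUnbounded = (buf) => parseTLV(buf, 0, 0, Infinity);              // vulnerable shape
const parseBounded = (buf, maxDepth = 64) => parseTLV(buf, 0, 0, maxDepth); // hardened shape

// Nesting depth of a parsed tree (a leaf counts as 1), computed iteratively.
function nestingDepth(root) {
  let max = 0;
  const stack = [[root, 1]];
  while (stack.length) {
    const [node, d] = stack.pop();
    if (d > max) max = d;
    for (const c of node.children) stack.push([c, d + 1]);
  }
  return max;
}

// Classify what happens when a parser with limit `maxDepth` meets `depth` levels.
function probe(depth, maxDepth) {
  try {
    parseTLV(nestedSequence(depth), 0, 0, maxDepth);
    return 'ok';
  } catch (e) {
    if (e instanceof DepthLimitError) return 'depth-limit';  // rejected cleanly
    if (e instanceof RangeError) return 'stack-exhausted';   // V8: "Maximum call stack size exceeded"
    throw e;
  }
}

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

console.log(toHex(nestedSequence(3)));                                   // 3006300430020500
console.log(probe(3, 64), probe(200000, 64), probe(200000, Infinity));  // ok depth-limit stack-exhausted
```

Run it with node. The unbounded parser dies with V8's "Maximum call stack size exceeded" RangeError, which is the stack-exhaustion symptom to look for in logs of a Node.js process, while the bounded parser rejects the same input at a fixed depth long before the stack limit is reached. The generator builds the 200000-level input in linear time at about five bytes per level (roughly a megabyte), whereas the recursive parser spends a stack frame per level; that asymmetry is why a single unauthenticated request suffices.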

Defensive priority

High. The issue is remotely triggerable without authentication and can disrupt exposed services by exhausting the stack. Prioritize patching on any system that processes untrusted DER/ASN.1 content.

Recommended defensive actions

  • Update Siemens SIDIS Prime to V4.0.800 or later.
  • Inventory all deployments and identify any versions below 4.0.800.
  • Because the underlying fix is in node-forge 1.3.2, also inventory other software that bundles an older node-forge and is exposed to untrusted ASN.1 input.
  • Restrict exposure of services that parse untrusted DER/ASN.1 data.
  • Monitor affected systems for repeated crashes, restarts, or stack-exhaustion symptoms; where node-forge runs under Node.js, a RangeError "Maximum call stack size exceeded" in the logs is the expected signature.
  • Follow CISA ICS recommended practices for defense-in-depth and segmentation.

Evidence notes

CISA CSAF advisory ICSA-26-071-03 was published on 2026-03-10 and republished on 2026-03-12. The supplied source description states that deep ASN.1 structures can trigger unbounded recursive parsing and stack exhaustion, with a fix in node-forge 1.3.2. The Siemens product metadata maps the affected product as SIDIS Prime versions <4.0.800 and remediation to V4.0.800 or later. No KEV entry is provided in the supplied corpus.

Official resources

Publicly disclosed in CISA's ICS advisory ICSA-26-071-03, republishing Siemens ProductCERT advisory SSA-485750. The supplied timeline shows initial publication on 2026-03-10 and republication on 2026-03-12. No KEV listing is included in the