PatchSiren cyber security CVE debrief
CVE-2025-66412 Siemens CVE debrief
CVE-2025-66412 is published as a high-severity advisory describing a stored cross-site scripting (XSS) vulnerability with a CVSS 3.1 base score of 8.0. The supplied record maps the advisory to Siemens SIDIS Prime and recommends updating to V4.0.800 or later. The CVE description itself, however, concerns an XSS issue in the Angular Template Compiler, which on its face does not match the Siemens product mapping in the same source bundle. The likely explanation is the usual pattern for vendor CSAF advisories that track third-party components: the CVE describes the upstream framework, and the Siemens release is the product build that ships the fixed component. That reading is an inference, not something the record states, so the safest operational stance is to treat this as a real advisory that needs manual validation against the affected Siemens environment before change windows are planned.
- Vendor: Siemens
- Product: SIDIS Prime
- CVSS: HIGH (8.0)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-12
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-12
Who should care
OT and enterprise teams running Siemens SIDIS Prime, vulnerability managers, application security teams, and anyone responsible for validating advisory-to-asset mapping before remediation.
Technical summary
The source corpus reports a stored XSS condition with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H: network reachable, low attack complexity, requires a low-privileged account and a victim's interaction, with Confidentiality, Integrity and Availability all scored High. The description says the issue stems from an incomplete internal security schema that fails to classify some URL-holding attributes as requiring strict URL security; values bound to those attributes therefore bypass URL sanitization, and a URL carrying script (the classic case is a javascript: URL) is rendered as-is. The remediation line in the advisory says to update Siemens SIDIS Prime to V4.0.800 or later. However, the same record also names Angular and the Angular fixed versions 21.0.2, 20.3.15 and 19.2.17, which are framework releases rather than Siemens product versions, so the product scope should be confirmed before applying the guidance.
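The following is an added illustration of the vulnerability class described above; it is a constructed model written for this debrief, not Angular's code and not anything quoted from the advisory. It shows a template compiler that keeps a security schema mapping element/attribute pairs to a security context: attributes the schema classifies as URL context are run through a URL sanitizer, while attributes missing from the schema are only attribute-escaped, which prevents breaking out of the attribute but does nothing about a javascript: URL. The attribute names, the allow-list regex and the "unsafe:" prefix are illustrative assumptions; the page does not say which attributes the real advisory concerns.

```javascript
// Constructed model of a template compiler's security schema (not Angular's code).
// Attributes classified as URL context are sanitized; omitted attributes are not.

const SecurityContext = Object.freeze({ NONE: "NONE", URL: "URL" });

// Incomplete schema: deliberately omits action/formaction to show the failure mode.
// (Illustrative assumption: which attributes the real advisory concerns is not stated here.)
const INCOMPLETE_SCHEMA = new Map([
  ["a|href", SecurityContext.URL],
  ["img|src", SecurityContext.URL],
  ["iframe|src", SecurityContext.URL],
]);

// Completed schema: every attribute the browser will interpret as a URL is classified.
const COMPLETE_SCHEMA = new Map([
  ...INCOMPLETE_SCHEMA,
  ["form|action", SecurityContext.URL],
  ["button|formaction", SecurityContext.URL],
  ["input|formaction", SecurityContext.URL],
]);

// Allow-list URL sanitizer: known-safe schemes or scheme-less relative URLs pass;
// anything else (javascript:, data:, vbscript:, ...) is neutralised with a prefix.
const SAFE_URL = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/i;
function sanitizeUrl(url) {
  const u = String(url).trim();
  return SAFE_URL.test(u) ? u : "unsafe:" + u;
}

// Attribute-value escaping only: stops the value from closing the attribute,
// but does not change what a URL means when the browser later navigates to it.
function escapeAttr(v) {
  return String(v).replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
}

function contextFor(schema, tag, attr) {
  return schema.get(`${tag.toLowerCase()}|${attr.toLowerCase()}`) ?? SecurityContext.NONE;
}

// Binding step: untrustedValue is stored user content bound into a template attribute.
function bindAttribute(schema, tag, attr, untrustedValue) {
  const ctx = contextFor(schema, tag, attr);
  const value = ctx === SecurityContext.URL ? sanitizeUrl(untrustedValue) : String(untrustedValue);
  return `<${tag} ${attr}="${escapeAttr(value)}">`;
}

// Audit helper: which URL-holding attributes does a schema leave unclassified
// relative to a reference list of URL attributes?
function missingUrlAttributes(schema, reference) {
  return [...reference.keys()].filter(
    (k) => reference.get(k) === SecurityContext.URL && !schema.has(k),
  );
}

// Demo with a constructed payload.
const payload = "javascript:alert(document.cookie)";
console.log(bindAttribute(INCOMPLETE_SCHEMA, "button", "formaction", payload)); // script survives
console.log(bindAttribute(COMPLETE_SCHEMA, "button", "formaction", payload));   // neutralised
console.log(missingUrlAttributes(INCOMPLETE_SCHEMA, COMPLETE_SCHEMA));
```

The point the model makes is that output encoding and URL sanitization are different controls: a template engine can escape every attribute value correctly and still ship an XSS if one URL-bearing attribute is not in its URL-context list. When auditing a framework upgrade for this class of fix, diff the schema (the `missingUrlAttributes` step) rather than relying on the encoder.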
Defensive priority
High. The published score is 8.0, which is exactly what the stated vector recomputes to under the CVSS 3.1 formula; the vector indicates network reachability with low privileges and user interaction, and the advisory content points to script injection. Note that Confidentiality, Integrity and Availability are all scored High, which is aggressive for an XSS, so treat 8.0 as the published score rather than as a measure of impact in your own deployment. The record should be triaged promptly, but verification is important because the product metadata and the vulnerability description do not match on their face.
Recommended defensive actions
- Verify whether Siemens SIDIS Prime V4.0.800 or later is the applicable fixed release for your deployed assets, and record the installed version of every instance before planning the change.
- Cross-check the advisory against the official Siemens ProductCERT notice before scheduling remediation, in particular whether it lists CVE-2025-66412 as a third-party component (Angular) fix shipped in that release.
- Inventory any exposed web-facing interfaces associated with the affected product and confirm whether a low-privileged user can persist content that is later rendered to other users, which is the path the PR:L/UI:R vector describes.
- Prioritize patching or compensating controls for environments that handle trusted operator content or administrative web workflows.
- Review access control, input handling, output encoding and URL sanitization around any web components that could persist and render untrusted user input.
- Use the CISA and Siemens advisory references to confirm affected versions, vendor guidance, and any operational constraints before rollout.
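The first, second and last of the actions above are one procedure: resolve the advisory's affected and fixed product identifiers to concrete vendor, product and version entries and compare them with what is actually deployed. The snippet below is an added example of that check written for this debrief, not tooling from CISA or Siemens. It walks a CSAF 2.0 product tree (`product_tree.branches`, `product_status.known_affected`/`fixed`, `remediations` of category `vendor_fix`) and reports, per inventory asset, whether it is affected, already fixed, absent from the advisory, or needs manual review because the version expression is not one the code decodes. `SAMPLE_CSAF` and `SAMPLE_INVENTORY` are constructed to mimic the schema shape; they are not the real Siemens advisory, and "Example Gateway" is a made-up product used only to show the manual-review path.

```javascript
// Added example: map a CSAF 2.0 advisory onto a local asset inventory.
// SAMPLE_CSAF and SAMPLE_INVENTORY are constructed test data, not the real advisory.

const SAMPLE_CSAF = {
  document: { title: "Constructed sample advisory", tracking: { id: "SAMPLE-0001" } },
  product_tree: {
    branches: [{
      category: "vendor", name: "Siemens",
      branches: [
        { category: "product_name", name: "SIDIS Prime", branches: [
          { category: "product_version_range", name: "vers:all/<V4.0.800",
            product: { product_id: "CSAFPID-0001", name: "SIDIS Prime < V4.0.800" } },
          { category: "product_version", name: "V4.0.800",
            product: { product_id: "CSAFPID-0002", name: "SIDIS Prime V4.0.800" } },
        ] },
        { category: "product_name", name: "Example Gateway", branches: [   // made-up product
          { category: "product_version_range", name: "vers:all/>=V2.0|<V2.5",
            product: { product_id: "CSAFPID-0003", name: "Example Gateway V2.0 to V2.5" } },
        ] },
      ],
    }],
  },
  vulnerabilities: [{
    cve: "CVE-2025-66412",
    product_status: { known_affected: ["CSAFPID-0001", "CSAFPID-0003"], fixed: ["CSAFPID-0002"] },
    remediations: [{ category: "vendor_fix", details: "Update to V4.0.800 or later version",
                     product_ids: ["CSAFPID-0001"] }],
  }],
};

const SAMPLE_INVENTORY = [   // constructed
  { asset: "ot-hmi-01", vendor: "Siemens", product: "SIDIS Prime", version: "V4.0.700" },
  { asset: "ot-hmi-02", vendor: "Siemens", product: "SIDIS Prime", version: "V4.0.800" },
  { asset: "gw-01", vendor: "Siemens", product: "Example Gateway", version: "V2.3" },
  { asset: "eng-ws-03", vendor: "Siemens", product: "Unrelated Product", version: "V1.0" },
];

// Flatten the branch tree into product_id -> { vendor, product_name, product_version | product_version_range }.
function flattenProductTree(branches, path = {}, out = new Map()) {
  for (const b of branches ?? []) {
    const here = { ...path, [b.category]: b.name };
    if (b.product) out.set(b.product.product_id, here);
    flattenProductTree(b.branches, here, out);
  }
  return out;
}

function parseVersion(v) {
  return String(v).replace(/^V/i, "").split(".").map((n) => parseInt(n, 10) || 0);
}
function versionLt(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x < y;
  }
  return false;
}

// true/false when the entry's version expression is understood, null when it is not.
// Only exact versions and "vers:all/<X" upper bounds are decoded; anything else is left for a human.
function versionMatches(entry, deployed) {
  if (entry.product_version !== undefined) {
    return parseVersion(entry.product_version).join(".") === parseVersion(deployed).join(".");
  }
  const m = /^vers:all\/<(.+)$/.exec(entry.product_version_range ?? "");
  return m ? versionLt(deployed, m[1]) : null;
}

function assessInventory(csaf, cve, inventory) {
  const vuln = csaf.vulnerabilities.find((v) => v.cve === cve);
  if (!vuln) throw new Error(`${cve} is not in this advisory`);
  const products = flattenProductTree(csaf.product_tree.branches);
  const affected = new Set(vuln.product_status?.known_affected ?? []);
  const fixed = new Set(vuln.product_status?.fixed ?? []);
  return inventory.map((asset) => {
    let status = "not_in_advisory", remediation = null;
    for (const [pid, entry] of products) {
      if (entry.vendor !== asset.vendor || entry.product_name !== asset.product) continue;
      const hit = versionMatches(entry, asset.version);
      if (hit === null) { status = "manual_review"; continue; }
      if (!hit) continue;
      if (affected.has(pid)) {
        status = "affected";
        remediation = (vuln.remediations ?? [])
          .filter((r) => r.category === "vendor_fix" && r.product_ids.includes(pid))
          .map((r) => r.details).join("; ") || null;
        break;
      }
      if (fixed.has(pid)) { status = "fixed"; break; }
    }
    return { asset: asset.asset, version: asset.version, status, remediation };
  });
}

console.table(assessInventory(SAMPLE_CSAF, "CVE-2025-66412", SAMPLE_INVENTORY));
```

The "manual_review" outcome is deliberate: a version range the tool does not understand should never silently become "not affected". Run the same logic against the real CSAF document from Siemens ProductCERT and your own CMDB export, and treat any asset that lands in manual_review as unresolved until someone reads the product tree entry.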
Evidence notes
All substantive claims in this debrief are drawn from the supplied CISA CSAF source item and its embedded references. The record explicitly states: publishedAt 2026-03-10, modifiedAt 2026-03-12, CVSS 8.0, the stored XSS description, and the remediation to update to V4.0.800 or later. The source also contains a notable inconsistency: the narrative references Angular and Angular version fixes, while the product mapping identifies Siemens SIDIS Prime and a Siemens version remediation. That mismatch is preserved here rather than resolved by assumption.
Official resources
- CVE-2025-66412 CVE record (CVE.org)
- CVE-2025-66412 NVD detail (NVD)
- Source item (cisa_csaf)
- Source references (embedded in the CISA CSAF item)
Published by CISA on 2026-03-10 and republished/updated on 2026-03-12. No KEV listing is present in the supplied data.