PatchSiren cyber security CVE debrief
CVE-2025-9670 Siemens CVE debrief
CVE-2025-9670 is a medium-severity issue tracked by CISA for Siemens SIDIS Prime. The supplied advisory metadata identifies affected versions as earlier than 4.0.800 and describes a remotely reachable flaw with inefficient regular expression complexity, public exploit availability, and an availability-only CVSS impact (5.3). Siemens and CISA recommend updating to V4.0.800 or later.
- Vendor
- Siemens
- Product
- SIDIS Prime
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-10
- Original CVE updated
- 2026-03-12
- Advisory published
- 2026-03-10
- Advisory updated
- 2026-03-12
Who should care
Operators, integrators, and defenders responsible for Siemens SIDIS Prime deployments, especially OT environments where the product may be exposed to untrusted inputs or network-reachable interfaces.
Technical summary
The advisory metadata maps CVE-2025-9670 to Siemens SIDIS Prime vers:intdot/<4.0.800. The issue is described as remotely triggerable and associated with inefficient regular expression complexity, which aligns with an availability impact only in the supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). The corpus also states that a public exploit has been released. The supplied description text mentions mixmark-io turndown/src/commonmark-rules.js, but the canonical advisory metadata and product tree identify Siemens SIDIS Prime as the affected product; this debrief follows the advisory metadata.
Defensive priority
Medium; prioritize faster remediation for exposed or internet-reachable installations because the issue is remote and publicly disclosed.
Recommended defensive actions
- Update Siemens SIDIS Prime to V4.0.800 or later as recommended in the advisory.
- Inventory SIDIS Prime deployments and confirm which instances are running versions earlier than 4.0.800.
- Reduce exposure of affected systems using CISA’s industrial control system recommended practices and defense-in-depth guidance.
- Limit network reachability to affected components and monitor for unusual request patterns against interfaces that process untrusted input.
- Track vendor and CISA advisories for any follow-on guidance or clarifications.
Evidence notes
Primary evidence comes from CISA’s CSAF republication of Siemens ProductCERT advisory SSA-485750 (ICSA-26-071-03), published 2026-03-10 and modified 2026-03-12. The source metadata names Siemens SIDIS Prime as the product, specifies affected versions earlier than 4.0.800, provides CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, and recommends updating to V4.0.800 or later. The corpus does not include a KEV listing. The description text in the supplied advisory mentions mixmark-io turndown and src/commonmark-rules.js; that text is preserved in the source corpus, but the canonical product mapping is Siemens SIDIS Prime.
Official resources
-
CVE-2025-9670 CVE record
CVE.org
-
CVE-2025-9670 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA on 2026-03-10 and republished on 2026-03-12 from Siemens ProductCERT advisory SSA-485750. No CISA KEV entry is present in the supplied corpus.