Siemens released a security update for Siemens Mendix Applications, which are prone to an elevation of privilege vulnerability.
Privilege Escalation — CVE-2021-27394
Security researchers discovered an elevation of privilege vulnerability in Siemens Mendix Applications.
Mendix is a high productivity app platform that enables you to build and continuously improve mobile and web applications at scale.
However, the latest updates for Mendix fix a vulnerability in Mendix Applications that could allow malicious authorized users to escalate their privileges.
Vulnerability Classification
Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.
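The bug class behind this advisory (CWE-269) is a server that lets the client decide which roles an account ends up with. The following is an added illustration written for this summary, not Mendix code: a role-update handler that trusts the submitted role set, beside a hardened version that enforces the decision server-side. All names (Account, update_roles_vulnerable, update_roles_hardened, the role catalogue) are assumptions.

```python
# Illustrative model of CWE-269 as described for CVE-2021-27394.
# Not Mendix code; every identifier here is an assumption for the example.
from dataclasses import dataclass, field

ADMIN = "Administrator"
USER = "User"
ROLE_CATALOGUE = {ADMIN, USER}   # roles the server knows about


@dataclass
class Account:
    name: str
    roles: set = field(default_factory=set)


class PermissionDenied(Exception):
    pass


def update_roles_vulnerable(actor: Account, target: Account, new_roles: set) -> Account:
    """Vulnerable: any authenticated user may set any role set on any account,
    so a non-admin editing their own account can grant themselves Administrator."""
    target.roles = set(new_roles)
    return target


def update_roles_hardened(actor: Account, target: Account, new_roles: set) -> Account:
    """Hardened: the server, not the client, decides who may change roles.
    Only administrators may change roles, they may not edit their own role set,
    and only roles from the server-side catalogue are accepted."""
    if ADMIN not in actor.roles:
        raise PermissionDenied(f"{actor.name} is not an administrator")
    if actor is target:
        raise PermissionDenied("administrators may not modify their own roles")
    unknown = set(new_roles) - ROLE_CATALOGUE
    if unknown:
        raise PermissionDenied(f"unknown roles requested: {sorted(unknown)}")
    target.roles = set(new_roles)
    return target


def self_escalation_succeeds(handler) -> bool:
    """Constructed scenario: a plain user submits {Administrator} for their own account.
    Returns True if the handler lets the escalation through."""
    mallory = Account("mallory", {USER})
    try:
        handler(mallory, mallory, {ADMIN})
    except PermissionDenied:
        return False
    return ADMIN in mallory.roles
```

Running the scenario against both handlers shows the vulnerable one returning True and the hardened one False.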
| Metric | Value |
| --- | --- |
| CVSS v3.1 Base Score | 8.1 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
| CWE | CWE-269: Improper Privilege Management |
Affected Products
| Affected Product | Remediation |
| --- | --- |
| Mendix Applications using Mendix 7: All versions < V7.23.19 | Update your Mendix Project to V7.23.19 or a later version and redeploy your application. https://docs.mendix.com/releasenotes/studiopro/7.23 |
| Mendix Applications using Mendix 8: All versions < V8.17.0 | Update your Mendix Project to V8.17.0 or a later version and redeploy your application. https://docs.mendix.com/releasenotes/studiopro/8.17 |
| Mendix Applications using Mendix 8 (V8.12): All versions < V8.12.5 | Update your Mendix Project to V8.12.5 or later (preferably the latest V8.18 version) and redeploy your application. https://docs.mendix.com/releasenotes/studiopro/8.12 |
| Mendix Applications using Mendix 8 (V8.6): All versions < V8.6.9 | Update your Mendix Project to V8.6.9 or later (preferably the latest V8.18 version) and redeploy your application. https://docs.mendix.com/releasenotes/studiopro/8.6 |
| Mendix Applications using Mendix 9: All versions < V9.0.5 | Update your Mendix Project to V9.0.5 or a later version and redeploy your application. https://docs.mendix.com/releasenotes/studiopro/9.0 |
Security Recommendation
Siemens strongly recommends protecting network access to devices with appropriate mechanisms.
In order to operate the devices in a protected IT environment, Siemens also recommends configuring the environment according to Siemens' operational guidelines for Industrial Security.
Download: https://www.siemens.com/cert/operational-guidelines-industrial-security