Security Vulnerability Update — Siemens Mendix Applications


Siemens has released a security update for Siemens Mendix Applications, which are prone to an elevation of privilege vulnerability.

Privilege Escalation — CVE-2021-27394

Security researchers discovered an elevation of privilege vulnerability in Siemens Mendix Applications.

Mendix is a high-productivity application platform for building and continuously improving mobile and web applications at scale.

The latest updates for Mendix fix a vulnerability in Mendix Applications that could allow malicious authorized users to escalate their privileges.

Vulnerability Classification

Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.
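To make the CWE-269 pattern behind this advisory concrete, here is an added illustration (not Mendix or Siemens code) of a role-update handler that applies the requested role set as-is beside a hardened version that enforces the check server-side, plus a detection pass over constructed audit-log lines that flags the role changes a correct server would have refused. The role name "Administrator" and the log format are assumptions for the example.

```python
from dataclasses import dataclass, field

ADMIN_ROLE = "Administrator"  # assumed role name; each Mendix app defines its own

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

def change_roles_vulnerable(actor: User, target: User, new_roles: set) -> bool:
    """Weak pattern (CWE-269): the role set in the request is applied as-is,
    so any authenticated user can hand themselves Administrator."""
    target.roles = set(new_roles)
    return True

def change_roles_hardened(actor: User, target: User, new_roles: set) -> bool:
    """Server-side check: only administrators change roles, never their own."""
    if ADMIN_ROLE not in actor.roles or actor.name == target.name:
        return False
    target.roles = set(new_roles)
    return True

# Constructed audit-log lines for the detection below (not a Mendix log format).
SAMPLE_LOG = [
    "actor=alice actor_roles=User target=alice new_roles=User|Administrator",
    "actor=root actor_roles=Administrator target=bob new_roles=User|Editor",
    "actor=carol actor_roles=User target=dave new_roles=Administrator",
]

def parse_line(line: str) -> dict:
    """Parse 'key=value' pairs; pipe-separated role lists become sets."""
    f = dict(part.split("=", 1) for part in line.split())
    return {"actor": f["actor"], "target": f["target"],
            "actor_roles": set(f["actor_roles"].split("|")),
            "new_roles": set(f["new_roles"].split("|"))}

def flag_suspicious_role_changes(lines) -> list:
    """Actors whose role change the hardened check would have refused:
    a self-modification, or an Administrator grant by a non-administrator."""
    hits = []
    for ev in map(parse_line, lines):
        self_change = ev["actor"] == ev["target"]
        non_admin_grant = (ADMIN_ROLE not in ev["actor_roles"]
                           and ADMIN_ROLE in ev["new_roles"])
        if self_change or non_admin_grant:
            hits.append(ev["actor"])
    return hits
```

Running the detection over the constructed lines returns the two actors whose changes should never have been accepted; the same two rules are what the hardened handler enforces up front.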

CVSS v3.1 Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE: CWE-269: Improper Privilege Management

Affected Products

Affected Product: Mendix Applications using Mendix 7, all versions < V7.23.19
Remediation: Update your Mendix Project to V7.23.19 or later version and redeploy your application
Release notes: https://docs.mendix.com/releasenotes/studiopro/7.23

Affected Product: Mendix Applications using Mendix 8, all versions < V8.17.0
Remediation: Update your Mendix Project to V8.17.0 or later version and redeploy your application
Release notes: https://docs.mendix.com/releasenotes/studiopro/8.17

Affected Product: Mendix Applications using Mendix 8 (V8.12), all versions < V8.12.5
Remediation: Update your Mendix Project to V8.12.5 or later, and preferably the latest V8.18 version, and redeploy your application
Release notes: https://docs.mendix.com/releasenotes/studiopro/8.12

Affected Product: Mendix Applications using Mendix 8 (V8.6), all versions < V8.6.9
Remediation: Update your Mendix Project to V8.6.9 or later, and preferably the latest V8.18 version, and redeploy your application
Release notes: https://docs.mendix.com/releasenotes/studiopro/8.6

Affected Product: Mendix Applications using Mendix 9, all versions < V9.0.5
Remediation: Update your Mendix Project to V9.0.5 or later version and redeploy your application
Release notes: https://docs.mendix.com/releasenotes/studiopro/9.0

Security Recommendation

Siemens strongly recommends protecting network access to devices with appropriate mechanisms.

Also, in order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security.

Download: https://www.siemens.com/cert/operational-guidelines-industrial-security

Published April 25th, 2021 | Security Update

About the Author: FirstHackersNews - Identifies Security
