← Back to home

ICSA-22-069-04 · Published 2025-05-06 · View on CISA ICS-CERT ↗

Siemens SINEMA Mendix Forgot Password Appstore

CVSS 9.1 CRITICAL

CVEs (2)

CVE-2022-26313 CVE-2022-26314

Remediations

Update to V3.5.1 or later
CVE-2022-26313: Disable sign up as described in the documentation
Restrict access to application webserver for trusted users only
Update to V3.2.2 or later version

Affected Vendors

Siemens

Affected Products (2)

Siemens · Mendix Forgot Password Appstore module >=V3.3.0_<V3.5.1

Siemens · Mendix Forgot Password Appstore module (Mendix 7 compatible) <V3.2.2

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more