ICSA-23-103-08 · Published 2025-05-06
Siemens Mendix Forgot Password Module
CVSS 7.3 (HIGH)
Risk Summary
Successful exploitation of the vulnerability could allow an attacker to retrieve sensitive information.
CVEs (1)
Remediations
- Do not open untrusted project files or PC system configuration files
- Currently no fix is planned
- Currently no fix is available
- Update to V17 Update 6 or later version
- Update to V18 Update 1 or later version
- As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Affected Vendors
Siemens
Affected Products (4)
- Siemens · Totally Integrated Automation Portal (TIA Portal) V15: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V16: vers:all/*
- Siemens · Totally Integrated Automation Portal (TIA Portal) V17: <V17 Update 6
- Siemens · Totally Integrated Automation Portal (TIA Portal) V18: <V18 Update 1
Affected Sectors
Multiple