ICSA-24-256-05  ·  Published 2025-08-12

Siemens Mendix Runtime

CVSS 5.3 MEDIUM

CVEs (1)

Remediations

  • For app user login: Do not use basic authentication; instead, set up an alternative authentication module (e.g. OIDC SSO, Mendix SSO, or SAML >= V4.0.0) or your own Identity Provider (IDP).
  • For published REST and web services and OData APIs: Do not use basic authentication; use the Custom or Active Session authentication methods instead.
  • Update to V10.12.11 or a later version
  • Update to V10.17.0 or a later version
  • Update to V10.6.19 or a later version
  • Update to V8.18.33 or a later version
  • Update to V9.24.31 or a later version

Affected Vendors

Siemens

Affected Products (5)

Siemens · Mendix Runtime V8 vers:intdot/<8.18.33
Siemens · Mendix Runtime V9 vers:intdot/<9.24.31
Siemens · Mendix Runtime V10 vers:intdot/<10.17.0
Siemens · Mendix Runtime V10.6 vers:intdot/<10.6.19
Siemens · Mendix Runtime V10.12 vers:intdot/<10.12.11

Affected Sectors

Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
