ICSA-26-188-04
·
Published 2026-07-07
·
View on CISA ICS-CERT ↗
Siemens Mendix Studio Pro
CVSS 5.4
MEDIUM
Risk Summary
Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
CVEs (1)
Remediations
- Currently no fix is planned
- Update to V10.24.21 or later version
- Update to V11.6.7 or later version
Affected Vendors
Siemens
Affected Products (26)
Siemens
·
Mendix Studio Pro 10.11
vers:all/*
Siemens
·
Mendix Studio Pro 10.12
vers:all/*
Siemens
·
Mendix Studio Pro 10.13
vers:all/*
Siemens
·
Mendix Studio Pro 10.14
vers:all/*
Siemens
·
Mendix Studio Pro 10.15
vers:all/*
Siemens
·
Mendix Studio Pro 10.16
vers:all/*
Siemens
·
Mendix Studio Pro 10.17
vers:all/*
Siemens
·
Mendix Studio Pro 10.18
vers:all/*
Siemens
·
Mendix Studio Pro 10.19
vers:all/*
Siemens
·
Mendix Studio Pro 10.20
vers:all/*
Siemens
·
Mendix Studio Pro 10.21
vers:all/*
Siemens
·
Mendix Studio Pro 10.22
vers:all/*
Siemens
·
Mendix Studio Pro 10.23
vers:all/*
Siemens
·
Mendix Studio Pro 10.24
vers:intdot/<10.24.21
Siemens
·
Mendix Studio Pro 11.0
vers:all/*
Siemens
·
Mendix Studio Pro 11.1
vers:all/*
Siemens
·
Mendix Studio Pro 11.10
vers:all/*
Siemens
·
Mendix Studio Pro 11.11
vers:all/*
Siemens
·
Mendix Studio Pro 11.2
vers:all/*
Siemens
·
Mendix Studio Pro 11.3
vers:all/*
Siemens
·
Mendix Studio Pro 11.4
vers:all/*
Siemens
·
Mendix Studio Pro 11.5
vers:all/*
Siemens
·
Mendix Studio Pro 11.6
vers:intdot/<11.6.7
Siemens
·
Mendix Studio Pro 11.7
vers:all/*
Siemens
·
Mendix Studio Pro 11.8
vers:all/*
Siemens
·
Mendix Studio Pro 11.9
vers:all/*
Affected Sectors
Critical Manufacturing, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more