← Back to home
ICSA-26-188-04  ·  Published 2026-07-07  ·  View on CISA ICS-CERT ↗

Siemens Mendix Studio Pro

CVSS 5.4 MEDIUM

Risk Summary

Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

CVEs (1)

Remediations

  • Currently no fix is planned
  • Update to V10.24.21 or later version
  • Update to V11.6.7 or later version

Affected Vendors

Siemens

Affected Products (26)

Siemens · Mendix Studio Pro 10.11 vers:all/*
Siemens · Mendix Studio Pro 10.12 vers:all/*
Siemens · Mendix Studio Pro 10.13 vers:all/*
Siemens · Mendix Studio Pro 10.14 vers:all/*
Siemens · Mendix Studio Pro 10.15 vers:all/*
Siemens · Mendix Studio Pro 10.16 vers:all/*
Siemens · Mendix Studio Pro 10.17 vers:all/*
Siemens · Mendix Studio Pro 10.18 vers:all/*
Siemens · Mendix Studio Pro 10.19 vers:all/*
Siemens · Mendix Studio Pro 10.20 vers:all/*
Siemens · Mendix Studio Pro 10.21 vers:all/*
Siemens · Mendix Studio Pro 10.22 vers:all/*
Siemens · Mendix Studio Pro 10.23 vers:all/*
Siemens · Mendix Studio Pro 10.24 vers:intdot/<10.24.21
Siemens · Mendix Studio Pro 11.0 vers:all/*
Siemens · Mendix Studio Pro 11.1 vers:all/*
Siemens · Mendix Studio Pro 11.10 vers:all/*
Siemens · Mendix Studio Pro 11.11 vers:all/*
Siemens · Mendix Studio Pro 11.2 vers:all/*
Siemens · Mendix Studio Pro 11.3 vers:all/*
Siemens · Mendix Studio Pro 11.4 vers:all/*
Siemens · Mendix Studio Pro 11.5 vers:all/*
Siemens · Mendix Studio Pro 11.6 vers:intdot/<11.6.7
Siemens · Mendix Studio Pro 11.7 vers:all/*
Siemens · Mendix Studio Pro 11.8 vers:all/*
Siemens · Mendix Studio Pro 11.9 vers:all/*

Affected Sectors

Critical Manufacturing, Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more