← Back to home
SIEMENS-SSA-814963  ·  Published 2026-07-14  ·  View on Siemens ProductCERT ↗

SSA-814963 V1.0: Insecure Inherited Permission in Mendix

CVSS N/A MEDIUM

Risk Summary

<p>Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead application developers to unknowingly apply overly permissive access rules to System.User, resulting in unintended exposure of sensitive user data or privilege escalation within deployed Mendix applications.</p> <p>A common misconfiguration identified is with the anonymous user role with a System.User entity to gain access to all stored records, even though no access rights are explicitly configured on that role.</p> <p>Siemens recommends Mendix developers to review their access rules based on <a href="https://docs.mendix.com/refguide/access-rules/">updated documentation</a>.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-814963 V1.0: Insecure Inherited Permission in Mendix See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more