ICSA-24-319-12 — Vulnetix

ICSA-24-319-12 PUBLISHED CVSS 5.300000190734863 MEDIUM

The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
	Mendix Runtime V10.6
	Mendix Runtime V10.12
	Mendix Runtime V9
	Mendix Runtime V10
	Mendix Runtime V8

Timeline

Nov 12, 2024 CVE Published
Aug 12, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-914892.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-914892.html advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-319-12.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-12 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
https://docs.mendix.com/releasenotes/studio-pro/10/ fix
https://docs.mendix.com/releasenotes/studio-pro/9/ fix

Open in Interactive Console →