OTPulse

Siemens Mendix SAML Module

Plan Patch | 8.2 | ICS-CERT ICSA-25-231-02 | Aug 14, 2025
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability exists in the CodeMeter Runtime component embedded in Siemens Desigo CC (V5.0–V8) and SENTRON Powermanager (V5–V8). An attacker with local administrative access can escalate privileges to bypass authorization controls. Versions V8.0 prior to QU2 and Mendix SAML modules on compatible platforms can be patched; older versions (V5.0–V7) have no fix available. Siemens recommends enabling UseEncryption in all configurations and applying CodeMeter Runtime updates.

What this means
What could happen
An attacker with local administrative access could escalate privileges within the Desigo CC or SENTRON Powermanager control system, potentially allowing them to modify energy management or building automation settings without proper authorization checks.
Who's at risk
Energy utilities running Siemens Desigo CC (all versions V5.0–V8) or SENTRON Powermanager (all versions V5–V8) for building automation and power management. Desigo CC is commonly used in electric utilities and water authorities for HVAC, lighting, and facility control. SENTRON Powermanager manages electrical distribution and power quality monitoring.
How it could be exploited
An attacker with administrative credentials on a Desigo CC or SENTRON Powermanager system can exploit a privilege escalation flaw in the embedded CodeMeter Runtime component. This allows them to bypass authorization controls and execute actions with higher privileges than their role should permit, such as altering setpoints or disabling safety configurations.
Prerequisites
  • Local administrative access to Desigo CC or SENTRON Powermanager system
  • UseEncryption setting disabled (to reach vulnerable code path)
  • Ability to execute local commands or interact with CodeMeter Runtime API
  • Requires local administrative access (high barrier)
  • Low exploit probability (EPSS 0.1%)
  • High complexity attack
  • Affects older versions with no patch available
  • No active exploitation reported
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (9)
2 with fix, 7 EOL
Product | Affected Versions | Fix Status
Desigo CC family V8 | <V8.0 QU2 | 8.0 QU2
Desigo CC family V5.0 | All versions | No fix (EOL)
Desigo CC family V5.1 | All versions | No fix (EOL)
Desigo CC family V6 | All versions | No fix (EOL)
Desigo CC family V7 | All versions | No fix (EOL)
SENTRON Powermanager V6 | All versions | No fix (EOL)
SENTRON Powermanager V8 | <V8.0 QU2 | 8.0 QU2
SENTRON Powermanager V5 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Ensure UseEncryption is enabled in all Desigo CC and SENTRON Powermanager configurations
HARDENING: Restrict network access to Desigo CC and SENTRON Powermanager systems to authorized engineering workstations only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Mendix SAML module to version 3.6.21 or later for Mendix 9.24 compatible systems
HOTFIX: Update Mendix SAML module to version 4.0.3 or later for Mendix 10.12 compatible systems
HOTFIX: Update Mendix SAML module to version 4.1.2 or later for Mendix 10.21 compatible systems
HOTFIX: Update CodeMeter Runtime component following Siemens instructions on affected Desigo CC and SENTRON Powermanager systems
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Desigo CC family V5.0, Desigo CC family V5.1, Desigo CC family V6, Desigo CC family V7, SENTRON Powermanager V6, SENTRON Powermanager V5, SENTRON Powermanager V7. Apply the following compensating controls:
HARDENING: Isolate control system networks from business networks and the internet using air-gapping or network segmentation