Privilege Escalation Vulnerability in Mendix Runtime
Category: Monitor
CVSS score: 6.8
Siemens ProductCERT advisory: SSA-084182
Published: Nov 14, 2023
Attack Vector: Network
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
Mendix Runtime contains a capture-replay flaw that could allow authenticated attackers to bypass access controls and escalate privileges when certain preconditions in the application's model and access control design are met. Attackers with valid credentials could access or modify objects without proper authorization in vulnerable applications built on Mendix 7, 8, 9, or 10.
What this means
What could happen
An authenticated user could escalate their privileges or access and modify data they should not have permission to access within Mendix-based applications. This could allow unauthorized changes to configuration, process data, or control logic if the app is used for operational purposes.
Who's at risk
Organizations using the Siemens Mendix platform to build enterprise or operational applications. This affects any custom application built on Mendix 7, 8, 9, or 10 before the patched versions. It is of particular concern for utilities and municipalities if Mendix is used for any SCADA, HMI, or operational data management applications.
How it could be exploited
An attacker with valid login credentials to a Mendix application can exploit a capture-replay flaw in the Mendix Runtime to bypass access controls. By replaying or manipulating authenticated requests, the attacker can access or modify objects in the application without proper authorization checks, escalating their privileges within the app's context.
Prerequisites
- Valid authenticated user account in the Mendix application
- Vulnerable version of Mendix Runtime (7.x before 7.23.37, 8.x before 8.18.27, 9.x before 9.24.10, or 10.x before 10.4.0)
- The application's model and access control design must meet certain preconditions that enable the vulnerability
- Requires valid authentication
- High complexity exploitation (depends on app-specific access control design)
- Medium CVSS severity (6.8)
- Actively exploited in the wild (E:P indicates evidence of POC)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (4), all with a fix available
Product                              Affected versions    Fixed in
Mendix Applications using Mendix 7   < V7.23.37           7.23.37
Mendix Applications using Mendix 8   < V8.18.27           8.18.27
Mendix Applications using Mendix 9   < V9.24.10           9.24.10
Mendix Applications using Mendix 10  < V10.4.0            10.4.0
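Because the fix threshold differs per major line (9.24.9 is affected while 8.18.27 is not), checking an application inventory by hand is error-prone. The following is an added example, not code from the advisory or from Siemens/Mendix; it encodes the four fixed versions above and triages a constructed inventory of application names and runtime versions.

```python
"""Check Mendix Runtime versions against the affected ranges published in SSA-084182."""
from __future__ import annotations

# Lowest fixed version per major line, exactly as listed in the advisory table.
FIXED_VERSIONS = {
    7: (7, 23, 37),
    8: (8, 18, 27),
    9: (9, 24, 10),
    10: (10, 4, 0),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '9.24.10' (optionally prefixed with 'V' or 'v') into a 3-tuple of ints."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    # Pad short versions such as '10.4' so that '10.4' compares equal to '10.4.0'.
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool | None:
    """True if vulnerable, False if at or after the fix, None if the major line
    is not covered by this advisory (e.g. Mendix 6)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group application names by status for an inventory of {app name: runtime version}."""
    report: dict[str, list[str]] = {"affected": [], "fixed": [], "unknown": []}
    for app, version in inventory.items():
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        report[key].append(app)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; the names and versions are not from the advisory.
    sample = {"billing-portal": "9.24.9", "field-ops": "V10.4.0",
              "legacy-hr": "7.23.36", "pilot": "6.10.2"}
    print(triage(sample))
```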
Remediation & Mitigation
Scheduling: requires a maintenance window. Patching may require a device reboot, so plan for process interruption.
Hotfixes:
- Update Mendix Runtime to version 7.23.37 or later and redeploy applications
- Update Mendix Runtime to version 8.18.27 or later and redeploy applications
- Update Mendix Runtime to version 9.24.10 or later and redeploy applications
- Update Mendix Runtime to version 10.4.0 or later and redeploy applications
Long-term hardening:
- Review access control rules and authentication mechanisms in your Mendix applications to ensure least-privilege principles are enforced
CVEs (1)