CISA

Siemens Mendix Studio Pro

From Cybersecurity and Infrastructure Security Agency ↗

Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens Mendix Studio Pro are affected:

Mendix Studio Pro 10.11 vers:all/*

Mendix Studio Pro 10.12 vers:all/* 

Mendix Studio Pro 10.13 vers:all/*

Mendix Studio Pro 10.14 vers:all/* 

Mendix Studio Pro 10.15 vers:all/* 

Mendix Studio Pro 10.16 vers:all/* 

Mendix Studio Pro 10.17 vers:all/* 

Mendix Studio Pro 10.18 vers:all/* 

Mendix St...