GRI

ICS Advisory: Siemens Mendix Forgot Password Module

News Cybersecurity English Sanctions & Fines
Date: 12th Oct, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Summary:

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. The advisory provides information on a vulnerability in the Mendix Forgot Password Module, which allows an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.

Affected products include Mendix Forgot Password modules prior to specific versions (V3.7.3, V4.1.3, V5.4.0) across various Mendix versions (7, 8, 9, 10). Siemens has identified mitigations, including updating to specified versions, and recommends implementing additional security measures such as minimizing network exposure, using firewalls, and securing remote access.

CISA recommends users take defensive measures to minimize the risk of exploitation, including impact analysis, risk assessment, and implementing recommended cybersecurity strategies.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack

This content is restricted.

Highlights content goes here...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack

This content is restricted.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Yokogawa Recorder Products
Date: 17th Apr, 2025 Source: Cybersecurity and Infrastructure Security Agency Country: USA
News Cybersecurity Guidance
ED, Lucknow has provisionally attached properties in form of bank balance worth Rs.55.07 Lakh belonging to Mohammad Javed resident of Allahabad under the provisions of PMLA, 2002 in the case of Shine City group and others in connection with fraudulently collection of money from public through Ponzi-pyramid scheme under the guise of investment in real estate sector and other attractive schemes.
Date: 18th Jun, 2025 Source: Enforcement Directorate (ED) Country: India
News Anti-bribery and corruption Sanctions & Fines
AER grants ring-fencing waiver to Ergon Energy for Mareeba and Charters Towers depots
Date: 12th Jun, 2025 Source: Australian Energy Regulator (AER) Country: Australia
News Energy & Renewables Sanctions & Fines

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales