Severity
High
Analysis Summary
CVE-2024-56841 CVSS:9.1
A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.
CVE-2024-53649 CVSS:7.1
Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.
CVE-2024-45385 CVSS:4.7
A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.
Impact
- Security Bypass
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2024-56841
CVE-2024-53649
CVE-2024-45385
Affected Vendors
Affected Products
- Siemens Mendix LDAP V1.1.2
- Siemens SIPROTEC 5 6MD84 (CP300): Versions prior to 9.80
- Siemens SIPROTEC 5 7SA87 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SD82 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7SD82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SD86 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SD87 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SJ81 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7SJ81 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SJ82 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7SJ82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SJ85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 6MD85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SJ86 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SK82 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7SK82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SK85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SL82 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7SL82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SL86 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SL87 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SS85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7ST85 (CP300): All versions
- Siemens SIPROTEC 5 6MD86 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7ST86 (CP300): Versions prior to 9.80
- Siemens SIPROTEC 5 7SX82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SX85 (CP300): Versions prior to 9.80
- Siemens SIPROTEC 5 7SY82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7UM85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7UT82 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7UT82 (CP150): Versions prior to V9.80
- Siemens SIPROTEC 5 7UT85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7UT86 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7UT87 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 6MD89 (CP300): Versions 7.80 and after
- Siemens SIPROTEC 5 7VE85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7VU85 (CP300): Versions prior to 9.80
- Siemens SIPROTEC 5 Compact 7SX800 (CP050): Versions prior to V9.80
- Siemens SIPROTEC 5 6MU85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7KE85 (CP300): Versions 7.80 up to but not including 9.80
- Siemens SIPROTEC 5 7SA82 (CP100): Versions 7.80 and after
- Siemens SIPROTEC 5 7SA82 (CP150): Versions prior to 9.80
- Siemens SIPROTEC 5 7SA86 (CP300): Versions 7.80 up to but not including 9.80
- Siemens Industrial Edge Management OS (IEM-OS)
Remediation
Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.