Analysis Summary

CVE-2024-56841 CVSS:9.1

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

CVE-2024-53649 CVSS:7.1

Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

CVE-2024-45385 CVSS:4.7

A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.

Impact

• Security Bypass
• Cross-Site Scripting

Indicators of Compromise

CVE

• CVE-2024-56841

• CVE-2024-53649

• CVE-2024-45385

Affected Vendors

Affected Products

• Siemens Mendix LDAP V1.1.2
• Siemens SIPROTEC 5 6MD84 (CP300): Versions prior to 9.80
• Siemens SIPROTEC 5 7SA87 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SD82 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7SD82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SD86 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SD87 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SJ81 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7SJ81 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SJ82 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7SJ82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SJ85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 6MD85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SJ86 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SK82 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7SK82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SK85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SL82 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7SL82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SL86 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SL87 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SS85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7ST85 (CP300): All versions
• Siemens SIPROTEC 5 6MD86 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7ST86 (CP300): Versions prior to 9.80
• Siemens SIPROTEC 5 7SX82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SX85 (CP300): Versions prior to 9.80
• Siemens SIPROTEC 5 7SY82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7UM85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7UT82 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7UT82 (CP150): Versions prior to V9.80
• Siemens SIPROTEC 5 7UT85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7UT86 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7UT87 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 6MD89 (CP300): Versions 7.80 and after
• Siemens SIPROTEC 5 7VE85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7VU85 (CP300): Versions prior to 9.80
• Siemens SIPROTEC 5 Compact 7SX800 (CP050): Versions prior to V9.80
• Siemens SIPROTEC 5 6MU85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7KE85 (CP300): Versions 7.80 up to but not including 9.80
• Siemens SIPROTEC 5 7SA82 (CP100): Versions 7.80 and after
• Siemens SIPROTEC 5 7SA82 (CP150): Versions prior to 9.80
• Siemens SIPROTEC 5 7SA86 (CP300): Versions 7.80 up to but not including 9.80
• Siemens Industrial Edge Management OS (IEM-OS)

Remediation

Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-56841

CVE-2024-53649

CVE-2024-45385