Siemens Mendix SAML Module

🗓️ 13 Sep 2022 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 39 Views

Siemens Mendix SAML Module (Update B) is a critical vulnerability rated at CVSS v3 7.4. It allows remote attackers to gain unauthenticated access to the application by exploiting insufficient protection from packet capture replay

Reporter	Title	Published	Views	Family All 24
ATTACKERKB	CVE-2022-37011	13 Sep 202210:15	–	attackerkb
Circl	CVE-2022-37011	8 Nov 202214:35	–	circl
Circl	CVE-2022-44457	8 Nov 202214:35	–	circl
CNNVD	Siemens Mendix SAML Module 安全漏洞	13 Sep 202200:00	–	cnnvd
CNNVD	Siemens Mendix SAML Module 安全漏洞	8 Nov 202200:00	–	cnnvd
CNVD	Siemens Mendix SAML Module Authentication Bypass Vulnerability	14 Sep 202200:00	–	cnvd
CNVD	Siemens Mendix SAML Module Certification Bypass Vulnerability	9 Nov 202200:00	–	cnvd
CVE	CVE-2022-37011	13 Sep 202200:00	–	cve
CVE	CVE-2022-44457	8 Nov 202200:00	–	cve
Cvelist	CVE-2022-37011	13 Sep 202200:00	–	cvelist

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-638652.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-638652.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-258-04.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-22-258-04
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

13 Sep 2022 00:00Current

10High risk

Vulners AI Score10

CVSS 3.19.8

EPSS0.00914

SSVC