Siemens Mendix Encryption Module

🗓️ 09 Jul 2024 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 10 Views

Siemens Mendix Encryption Module vulnerability allows decryption of encrypted project data due to hard-coded default EncryptionKey constant. CVSS v4 8.7. Siemens recommends updating to V10.0.2 or later version

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of Siemens Mendix Encryption, related to the use of pre-installed data, allows a intruder to gain unauthorized access to protected information.	26 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-39888	9 Jul 202414:46	–	circl
CNNVD	Siemens Mendix 安全漏洞	9 Jul 202400:00	–	cnnvd
CNVD	Siemens Mendix Encryption Module Hardcoded Default Encryption Key Vulnerability	10 Jul 202400:00	–	cnvd
CVE	CVE-2024-39888	9 Jul 202412:05	–	cve
Cvelist	CVE-2024-39888	9 Jul 202412:05	–	cvelist
EUVD	EUVD-2024-38290	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens Products	9 Jul 202418:40	–	ncsc
NVD	CVE-2024-39888	9 Jul 202412:15	–	nvd
Positive Technologies	PT-2024-8753 · Mendix · Mendix Encryption	9 Jul 202400:00	–	ptsecurity

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-998949.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-998949.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-998949.pdf
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-998949.txt
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-193-08.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-193-08
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf

09 Jul 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

CVSS 48.7

EPSS0.00194

SSVC