The latest update of the Mendix SAML module fixes two vulnerabilities. One is an XML External Entity (XXE) vulnerability that could allow an attacker to disclose confidential data under certain circumstances; the other is a Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.
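The XXE half of this advisory comes down to how the module's XML parser treats DOCTYPE declarations and external entities when it processes a SAML response. The following is an added example written for this page, not code from the Mendix SAML module: it shows a hardened parser built on Python's standard-library expat that rejects any DOCTYPE outright and refuses to resolve external entity references, so a crafted response cannot pull in local files or remote resources. The two SAML-like responses, the function names and the element names it extracts (Issuer, NameID) are constructed for the example.

```python
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when a SAML response uses XML features a consumer should never accept."""


def _local_name(tag: str) -> str:
    # Strip the namespace prefix: "saml:Issuer" -> "Issuer"
    return tag.rsplit(":", 1)[-1]


def parse_saml_response(data: bytes) -> dict:
    """Parse a SAML response with a hardened expat parser and return the
    Issuer and NameID text. Any DOCTYPE (internal or external) is rejected
    and external entities are never resolved, which removes the XXE vector."""
    parser = xml.parsers.expat.ParserCreate()
    # Never load external parameter entities (i.e. an external DTD subset).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        # A SAML response has no legitimate reason to carry a DOCTYPE, so
        # fail closed before any entity can be declared or expanded.
        raise UnsafeXmlError("DOCTYPE declaration not allowed in SAML response")

    def refuse_external_entity(context, base, system_id, public_id):
        # Returning 0 tells expat the reference could not be resolved, which
        # aborts the parse instead of reading a file or fetching a URL.
        return 0

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = refuse_external_entity

    result = {"issuer": None, "name_id": None}
    state = {"current": None}

    def start_element(tag, attrs):
        state["current"] = _local_name(tag)

    def end_element(tag):
        state["current"] = None

    def char_data(text):
        # expat may deliver one text node in several chunks; concatenate them.
        key = {"Issuer": "issuer", "NameID": "name_id"}.get(state["current"])
        if key is not None and text.strip():
            result[key] = (result[key] or "") + text.strip()

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = char_data
    parser.Parse(data, True)
    return result


def is_safe_saml_response(data: bytes) -> bool:
    """True if the response parses under the hardened rules, False if it was
    rejected (DOCTYPE present, unresolvable entity, or malformed XML)."""
    try:
        parse_saml_response(data)
        return True
    except (UnsafeXmlError, xml.parsers.expat.ExpatError):
        return False


# Constructed sample: a minimal, well-formed SAML response with no DOCTYPE.
SAFE_RESPONSE = b"""<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: the same response carrying a DOCTYPE with a harmless
# internal entity. The hardened parser rejects it before expanding anything.
DOCTYPE_RESPONSE = b"""<?xml version="1.0"?>
<!DOCTYPE Response [ <!ENTITY who "alice"> ]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
  <saml:Issuer>&who;</saml:Issuer>
</samlp:Response>"""


if __name__ == "__main__":
    print(parse_saml_response(SAFE_RESPONSE))
    print("doctype response accepted:", is_safe_saml_response(DOCTYPE_RESPONSE))
```

Rejecting every DOCTYPE is the simplest rule to audit: it covers external general entities, external parameter entities and entity-expansion (billion laughs) variants at once, and no standards-conformant SAML response needs a DTD. The `ExternalEntityRefHandler` is kept as defence in depth in case the DOCTYPE check is ever relaxed.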
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals.
An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found