{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-50313","assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","state":"PUBLISHED","assignerShortName":"siemens","dateReserved":"2024-10-22T15:35:51.132Z","datePublished":"2024-11-12T12:49:54.803Z","dateUpdated":"2025-08-27T21:33:05.238Z"},"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2025-08-12T11:16:45.329Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures."}],"affected":[{"vendor":"Siemens","product":"Mendix Runtime V10","versions":[{"status":"affected","version":"0","lessThan":"V10.16.0","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Mendix Runtime V10.12","versions":[{"status":"affected","version":"0","lessThan":"V10.12.7","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Mendix Runtime V10.6","versions":[{"status":"affected","version":"0","lessThan":"V10.6.15","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Mendix Runtime V8","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Mendix Runtime V9","versions":[{"status":"affected","version":"0","lessThan":"V9.24.29","versionType":"custom"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM"}},{"cvssV4_0":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseScore":6.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-362","description":"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","type":"CWE"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-914892.html"}]},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.8,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-50313","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-11-12T14:16:20.945053Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-27T21:33:05.238Z"}}]}}