CVE-2023-45794 identifies a capture-replay authentication bypass vulnerability in Siemens Mendix Applications using Mendix 10 (all versions prior to 10.4.0) and earlier Mendix 7, 8, and 9 versions below specified patch levels. The vulnerability is categorized under CWE-294 (Authentication Bypass by Capture-replay). It arises due to the platform's inadequate handling of authentication tokens or session data, allowing an attacker who has already authenticated to capture and replay authentication tokens or requests to bypass intended access controls. This flaw can lead to unauthorized access or modification of application objects and privilege escalation within the context of the vulnerable app. However, exploitation depends on the app's specific model and access control design, meaning not all Mendix applications are equally vulnerable. The CVSS 3.1 score is 6.8, reflecting a medium severity with network attack vector, high attack complexity, low privileges required, no user interaction, and high impact on confidentiality and integrity but no impact on availability. No public exploits have been reported yet, but the vulnerability is publicly disclosed and should be addressed promptly. The issue affects a broad range of Mendix applications, which are widely used for rapid application development in enterprise and industrial environments, including critical infrastructure sectors.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of data managed by Mendix applications. Attackers with valid credentials could exploit the capture-replay flaw to bypass authorization controls, potentially accessing sensitive information or modifying critical data without proper permissions. This could lead to data breaches, unauthorized transactions, or manipulation of business logic, impacting operational reliability and trust. Industries such as manufacturing, energy, utilities, and public sector entities that rely on Siemens Mendix applications for critical processes are particularly at risk. The medium severity score indicates a moderate but tangible threat, especially in environments where Mendix apps handle sensitive or regulated data. The absence of known exploits in the wild provides a window for proactive mitigation, but the potential for privilege escalation and unauthorized data access necessitates urgent attention to patching and security reviews.

1. Upgrade all Mendix applications to Mendix 10.4.0 or later, or the respective patched versions for Mendix 7, 8, and 9 as soon as possible to eliminate the vulnerability. 2. Conduct a thorough review of application access control models and ensure that authorization logic is robust and does not rely solely on client-side or session-based tokens vulnerable to replay. 3. Implement additional security controls such as token binding, nonce usage, or session management enhancements to prevent replay attacks. 4. Monitor application logs for unusual authentication or access patterns that could indicate replay attempts. 5. Restrict access to Mendix applications to trusted networks or VPNs where feasible to reduce exposure to network-based replay attacks. 6. Educate developers and administrators about secure session management and the risks of capture-replay vulnerabilities. 7. Employ Web Application Firewalls (WAFs) with replay attack detection capabilities to provide an additional layer of defense. 8. Regularly audit and test Mendix applications for security weaknesses, especially after upgrades or changes to access control configurations.