CVE-2023-45794: CWE-294: Authentication Bypass by Capture-replay in Siemens Mendix Applications using Mendix 10
CVE-2023-45794 is an authentication bypass vulnerability affecting Siemens Mendix Applications using Mendix versions prior to 10.4.0, as well as earlier Mendix 7, 8, and 9 versions below specified patch levels. The flaw arises from a capture-replay weakness in the platform's authentication mechanism, potentially allowing authenticated attackers to replay captured authentication tokens or requests. Exploitation can lead to unauthorized access to or modification of application objects and privilege escalation within the affected app context. The vulnerability requires an attacker with some level of authenticated access, and exploitation does not require user interaction. The CVSS score is 6.8 (medium severity), reflecting a network attack vector, low attack complexity, and low privileges required. No known exploits are currently reported in the wild. European organizations using Mendix-based applications, especially in critical infrastructure or industrial sectors, should prioritize patching and reviewing access control models to mitigate risk.
AI Analysis
Technical Summary
CVE-2023-45794 is a capture-replay authentication bypass vulnerability classified under CWE-294 that affects Siemens Mendix Applications built on Mendix 10 versions prior to 10.4.0, as well as earlier Mendix 7, 8, and 9 versions below their respective patch levels. Mendix is a low-code application development platform widely used for enterprise and industrial applications. The vulnerability stems from the platform's flawed handling of authentication tokens or session data, which can be captured by an attacker with network access and replayed to bypass authentication controls. This flaw is conditional on the app's specific model and access control design, meaning that the impact depends on how the application implements authorization and session management. An attacker who is already authenticated with low privileges can exploit this flaw to gain unauthorized access to or modify objects within the application, or escalate their privileges, potentially compromising the confidentiality and integrity of the application data. The vulnerability does not require user interaction but does require some level of authentication, limiting the attack surface to insiders or attackers who have obtained initial access. The CVSS v3.1 score of 6.8 reflects a network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality and integrity, but no impact on availability. No public exploits or active exploitation have been reported yet, but the vulnerability is significant given Mendix's use in critical business and industrial applications. Siemens has released patches in Mendix 10.4.0 and corresponding versions for earlier Mendix lines to address this issue.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to those relying on Mendix-based applications for critical business processes, industrial automation, or infrastructure management. Successful exploitation can lead to unauthorized data access, data modification, and privilege escalation within affected applications, potentially resulting in data breaches, operational disruption, or compliance violations under GDPR and other regulations. Given Mendix's adoption in sectors such as manufacturing, energy, and finance, the impact could extend to operational technology environments and sensitive data repositories. The requirement for an attacker to have some authenticated access limits the risk to insider threats or attackers who have compromised initial credentials, but the ease of replay attacks means lateral movement and privilege escalation within networks could be facilitated. This could undermine trust in application integrity and confidentiality, leading to reputational damage and financial losses. Organizations with complex access control models may face challenges in fully mitigating the risk without patching. The absence of known exploits reduces immediate urgency but does not eliminate the threat, as attackers may develop exploits in the future.
Mitigation Recommendations
European organizations should immediately prioritize upgrading Mendix applications to version 10.4.0 or later, or to the corresponding patched versions for Mendix 7, 8, and 9. In parallel, conduct a thorough review of application access control models to ensure that least privilege principles are strictly enforced and that sensitive operations require multi-factor authentication or additional verification. Implement network segmentation and monitoring to detect unusual replay or authentication anomalies, focusing on internal traffic where authenticated sessions are used. Employ session management best practices such as binding sessions to client attributes (IP, device fingerprint) and enforcing short session lifetimes to reduce the replay window. Use application-layer logging and anomaly detection to identify suspicious access patterns indicative of replay attacks. Educate internal users about credential security to reduce the risk of initial credential compromise. Finally, coordinate with Siemens and Mendix support for guidance on secure configuration and any additional patches or workarounds.
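One way to check the session-binding and short-lifetime controls recommended above against application access logs, as an added example that is not Siemens or Mendix code; the log format, the field order, the 15-minute lifetime and the log lines themselves are constructed assumptions:

```python
# Added example (not Siemens/Mendix code): flags two replay indicators in an
# application access log, a session token presented from a client other than
# the one it was bound to, and a token used past a short session lifetime.
# The log format, field order and 15-minute lifetime are assumptions.
from datetime import datetime, timedelta

# Constructed sample log: timestamp, session token, client IP, user agent, action.
# tok-A is bound to 10.0.0.5/ua-chrome at login and later arrives from
# 10.0.0.99/ua-curl, the pattern a captured-and-replayed token would leave.
# tok-B is reused by its original client after the lifetime has elapsed.
SAMPLE_LOG = """\
2025-12-16T10:00:00Z tok-A 10.0.0.5 ua-chrome login
2025-12-16T10:00:05Z tok-A 10.0.0.5 ua-chrome read_order
2025-12-16T10:00:07Z tok-B 10.0.0.7 ua-firefox login
2025-12-16T10:03:30Z tok-A 10.0.0.99 ua-curl update_order
2025-12-16T10:21:00Z tok-B 10.0.0.7 ua-firefox read_order
"""

SESSION_MAX_AGE = timedelta(minutes=15)  # assumed short session lifetime


def parse_line(line):
    """Split one log line into (timestamp, token, ip, user_agent, action)."""
    ts, token, ip, ua, action = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), token, ip, ua, action


def detect_replay_indicators(log_text, max_age=SESSION_MAX_AGE):
    """Return (token, reason, action) findings in log order.

    Each token is bound to the (ip, user_agent) pair of its first use; a later
    request from a different pair is 'client_binding_mismatch', and a request
    later than first use + max_age is 'session_expired' (both can fire).
    """
    bound = {}  # token -> (first_seen, ip, user_agent)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, token, ip, ua, action = parse_line(line)
        if token not in bound:
            bound[token] = (ts, ip, ua)
            continue
        first_seen, bound_ip, bound_ua = bound[token]
        if (ip, ua) != (bound_ip, bound_ua):
            findings.append((token, "client_binding_mismatch", action))
        if ts - first_seen > max_age:
            findings.append((token, "session_expired", action))
    return findings
```

Binding to IP alone will misfire behind NAT or mobile networks, so in practice the bound client attributes should be chosen per application and combined with the lifetime check rather than used as the sole signal.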
Affected Countries
Germany, Netherlands, United Kingdom, France, Italy, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: siemens
- Date Reserved: 2023-10-12T17:15:59.195Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6941947d9050fe8508061290
Added to database: 12/16/2025, 5:18:53 PM
Last enriched: 12/23/2025, 6:32:35 PM
Last updated: 2/7/2026, 5:48:16 AM