Full Report
Mendix Studio Pro is affected by an out-of-bounds write vulnerability in the integrated libwebp library (CVE-2023-4863) that could allow an attacker to execute code in the context of a victim user’s system. Siemens has released updates for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Code Execution via Out-of-Bounds Write in Mendix Studio Pro (libwebp)
## CVE Details
- CVE ID: CVE-2023-4863
- CVSS Score: 7.5 (High)
- CWE: CWE-787: Out-of-bounds Write
## Affected Systems
- Products: Mendix Studio Pro
- Versions:
  - Mendix Studio Pro 7: All versions prior to V7.23.37
  - Mendix Studio Pro 8: All versions prior to V8.18.27
  - Mendix Studio Pro 9: All versions prior to V9.24.0
  - Mendix Studio Pro 10: All versions prior to V10.3.1
- Configurations: Triggered when a user adds specially crafted image files (or Mendix Marketplace content containing them) to their project and opens the document containing the image.
## Vulnerability Description
The vulnerability is an out-of-bounds write flaw residing within the integrated `libwebp` library used by Mendix Studio Pro. This flaw can be triggered by processing maliciously crafted WebP image files. Successful exploitation allows an attacker to potentially execute arbitrary code within the context of the victim user’s system.
## Exploitation
- Status: The vulnerability is documented and has known preconditions. A public PoC is not explicitly confirmed; its availability is implied by the vector and by the CVSS Exploit Code Maturity (E) rating.
- Complexity: High (CVSS AC:H - Attack Complexity High)
- Attack Vector: Local (CVSS AV:L - Attack Vector Local)
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
Users must update to the following versions or later:
- Mendix Studio Pro 7: Update to **V7.23.37** or later.
- Mendix Studio Pro 8: Update to **V8.18.27** or later.
- Mendix Studio Pro 9: Update to **V9.24.0** or later.
- Mendix Studio Pro 10: Update to **V10.3.1** or later.
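
The patch thresholds above can be applied to a software inventory to find installations that still need the update. The following is an added example, not code from Siemens or Mendix: the function names, the hostnames and the sample versions are constructed, and it assumes version strings of the form `V9.24.0` or `9.24.0.<build>`, with the build field ignored.

```python
import re

# Fixed release per major line, copied from the advisory's patch list.
FIXED = {7: (7, 23, 37), 8: (8, 18, 27), 9: (9, 24, 0), 10: (10, 3, 1)}

_VERSION = re.compile(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?")


def parse_version(text):
    """Return (major, minor, patch); a fourth build field is ignored."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def classify(text):
    """Map a version string to affected / fixed / not_listed / unparsed."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparsed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not_listed"  # major line the advisory does not mention
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Return {host: status} for every host that is not confirmed fixed."""
    result = {}
    for host, version in inventory:
        status = classify(version)
        if status != "fixed":
            result[host] = status
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("dev-ws-01", "9.23.9"),
    ("dev-ws-02", "V9.24.0"),
    ("dev-ws-03", "10.3.0.1234"),
    ("build-01", "8.18.27.500"),
    ("legacy-01", "6.10.4"),
    ("dev-ws-04", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `not_listed` or `unparsed` need manual review, because the advisory text above only covers major versions 7 through 10.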
### Workarounds
The security advisory directs users to consult the product-specific sections for remediations/mitigations and to follow general security recommendations.
## Detection
- Detection methods are not explicitly detailed in the summary. In general, detection involves monitoring the application environment for unusual file processing, and integrity checks related to WebP parsing, in the period leading up to potential crashes or unexpected code execution.
## References
- Vendor Advisory: SSA-268517
- Siemens ProductCERT Advisories: hxxps://www.siemens.com/cert/advisories