Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2141

8.5HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Delmia Apriso
Vendor: CVE Published:; 21 April 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-2141?

A security flaw in DELMIA Apriso releases from 2017 through 2022 involves an unsafe .NET object deserialization process. This vulnerability could potentially allow an attacker to execute arbitrary code remotely following successful authentication. Users of these versions are advised to review their systems and implement recommended security measures to mitigate potential risks associated with this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DELMIA Apriso Apriso 2017 Golden

DELMIA Apriso Apriso 2018 Golden

DELMIA Apriso Apriso 2019 Golden

References

https://www.3ds.com/vulnerability/advisories

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 21, 2023
Vulnerability Reserved
Apr 18, 2023

Credit

Mehdi Elyassa and Vincent Herbulot from Synacktiv

JSON

Dassault Systèmes

What is CVE-2023-2141?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.