Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2141

8.5HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Delmia Apriso
Vendor: CVE Published:; 21 April 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-2141?

A security flaw in DELMIA Apriso releases from 2017 through 2022 involves an unsafe .NET object deserialization process. This vulnerability could potentially allow an attacker to execute arbitrary code remotely following successful authentication. Users of these versions are advised to review their systems and implement recommended security measures to mitigate potential risks associated with this issue.

Affected Version(s)

DELMIA Apriso Apriso 2017 Golden

DELMIA Apriso Apriso 2018 Golden

DELMIA Apriso Apriso 2019 Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2023
Vulnerability Reserved
Apr 18, 2023

Credit

Mehdi Elyassa and Vincent Herbulot from Synacktiv