OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023
CVE-2023-6078

9.8CRITICAL

Key Information:

Vendor: Dassault Systèmes
Status: BIOVIA Materials Studio products
Vendor: CVE Published:; 1 February 2024

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-6078?

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Dassault Systèmes, spanning Releases 2021 to 2023. This vulnerability allows attackers to upload a specially crafted perl script, potentially leading to arbitrary execution of system commands. Organizations using affected versions should evaluate their security posture and apply necessary mitigations to prevent exploitation.

Affected Version(s)

BIOVIA Materials Studio products BIOVIA 2021 Golden

BIOVIA Materials Studio products BIOVIA 2022 Golden

BIOVIA Materials Studio products BIOVIA 2023 Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2024
Vulnerability Reserved
Nov 10, 2023