SOLIDWORKS Desktop Vulnerabilities: Arbitrary Code Execution via File Reading
CVE-2024-1848

7.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Solidworks Desktop
Vendor: CVE Published:; 22 March 2024

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2024-1848?

Multiple vulnerabilities in SOLIDWORKS Desktop's file reading procedure may result in heap-based buffer overflows, memory corruption, and other types of memory errors. Attackers could exploit these vulnerabilities by tricking users into opening specially crafted files, including formats like CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B, or X_T. Such exploitations have the potential to allow arbitrary code execution, posing a significant risk to users who manage CAD files.

Affected Version(s)

SOLIDWORKS Desktop Release SOLIDWORKS 2024 SP0

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Feb 23, 2024