
eDrawings Viewer DXF File Parsing RCE Vulnerability - 202405010004

Overview

A vulnerability has been found in Dassault Systèmes eDrawings 2023/2024 which has been classified as critical. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

What is vulnerable?

| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
|---|---|---|---|---|---|
| CVE-2024-3298 | Critical | 7.8 | from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024 | Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847. | 04-04-2024 |

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer Patch Management):

  • No known mitigations have been announced at the time of this publication. It is highly recommended to patch any affected products as soon as patches become available.

  • For additional notes refer to Support Knowledge Base (KB) found here.

Additional References