eDrawings Viewer DXF File Parsing RCE Vulnerability - 202405010004
Overview
A vulnerability has been found in Dassault Systèmes eDrawings 2023/2024 which has been classified as critical. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
What is vulnerable?
CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
---|---|---|---|---|---|
CVE-2024-3298 | Critical | 7.8 | from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024 | Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847. | 04-04-2024 |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):
- No known mitigations have been announced at the time of this publication. It is highly recommended to patch any affected products as soon as patches become available.
- For additional notes, refer to the Support Knowledge Base (KB) found here.