CVE-2023-1997

Summary

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesSIMULIA 3DOrchestrateRelease 3DEXPERIENCE R2021x Golden <= Release 3DEXPERIENCE R2021x.FP.CFA.2306affected
Dassault SystèmesSIMULIA 3DOrchestrateRelease 3DEXPERIENCE R2022x Golden <= Release 3DEXPERIENCE R2022x FP.CFA.2310affected
Dassault SystèmesSIMULIA 3DOrchestrateRelease 3DEXPERIENCE R2023x Golden <= Release 3DEXPERIENCE R2023x.FP.CFA.2314affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References