CVE-2023-2141

Summary

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesDELMIA AprisoApriso 2017 Golden <= Apriso 2017 SP7affected
Dassault SystèmesDELMIA AprisoApriso 2018 Golden <= Apriso 2018 SP4affected
Dassault SystèmesDELMIA AprisoApriso 2019 Golden <= Apriso 2019 SP5affected
Dassault SystèmesDELMIA AprisoApriso 2020 Golden <= Apriso 2020 SP4affected
Dassault SystèmesDELMIA AprisoApriso 2021 Golden <= Apriso 2021 SP2affected
Dassault SystèmesDELMIA AprisoApriso 2022 Goldenaffected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References