CVE-2023-6078

Summary

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesBIOVIA Materials Studio productsBIOVIA 2021 Goldenaffected
Dassault SystèmesBIOVIA Materials Studio productsBIOVIA 2022 Goldenaffected
Dassault SystèmesBIOVIA Materials Studio productsBIOVIA 2023 Goldenaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References