Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SIMULIA 3DOrchestrate by Dassault Systèmes

    CVE-2023-1997 (GCVE-0-2023-1997)

    Vulnerability from nvd – Published: 2023-08-28 15:37 – Updated: 2024-10-02 14:14
    VLAI
    Title
    OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x
    Summary
    An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SIMULIA 3DOrchestrate Affected: Release 3DEXPERIENCE R2021x Golden , ≤ Release 3DEXPERIENCE R2021x.FP.CFA.2306 (custom)
    Affected: Release 3DEXPERIENCE R2022x Golden , ≤ Release 3DEXPERIENCE R2022x FP.CFA.2310 (custom)
    Affected: Release 3DEXPERIENCE R2023x Golden , ≤ Release 3DEXPERIENCE R2023x.FP.CFA.2314 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:05:27.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1997",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:14:19.906294Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:14:30.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIMULIA 3DOrchestrate",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2021x.FP.CFA.2306",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2021x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2022x FP.CFA.2310",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2022x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2314",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2023x Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution."
                }
              ],
              "value": "An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-28T15:37:21.969Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-1997",
        "datePublished": "2023-08-28T15:37:21.969Z",
        "dateReserved": "2023-04-12T09:30:38.964Z",
        "dateUpdated": "2024-10-02T14:14:30.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1997 (GCVE-0-2023-1997)

    Vulnerability from cvelistv5 – Published: 2023-08-28 15:37 – Updated: 2024-10-02 14:14
    VLAI
    Title
    OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x
    Summary
    An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SIMULIA 3DOrchestrate Affected: Release 3DEXPERIENCE R2021x Golden , ≤ Release 3DEXPERIENCE R2021x.FP.CFA.2306 (custom)
    Affected: Release 3DEXPERIENCE R2022x Golden , ≤ Release 3DEXPERIENCE R2022x FP.CFA.2310 (custom)
    Affected: Release 3DEXPERIENCE R2023x Golden , ≤ Release 3DEXPERIENCE R2023x.FP.CFA.2314 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:05:27.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1997",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:14:19.906294Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:14:30.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIMULIA 3DOrchestrate",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2021x.FP.CFA.2306",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2021x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2022x FP.CFA.2310",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2022x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2314",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2023x Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution."
                }
              ],
              "value": "An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-28T15:37:21.969Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-1997",
        "datePublished": "2023-08-28T15:37:21.969Z",
        "dateReserved": "2023-04-12T09:30:38.964Z",
        "dateUpdated": "2024-10-02T14:14:30.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }