Urgent Security Alert: Critical Flaw in Dassault SOLIDWORKS and eDrawings Actively Exploited
Cybersecurity authorities have issued a pressing warning regarding a critical vulnerability affecting popular design and engineering software from Dassault Systèmes. This flaw, found in specific versions of SOLIDWORKS Visualize and eDrawings, is not just a theoretical risk—it is being actively exploited by attackers in the wild.
If your organization uses these tools, immediate action is required to prevent a potentially devastating security breach. This vulnerability allows for remote code execution (RCE), one of the most severe types of security flaws, giving attackers the ability to take control of affected systems.
What is the Vulnerability?
The security flaw is tracked as CVE-2023-37965 and is classified as an “out-of-bounds write” vulnerability. In simple terms, this means an attacker can trick the software into writing data outside of its intended memory space by having a user open a malicious file.
Specifically, the vulnerability is triggered when the software processes a specially crafted Jupiter Tesselation (.jt) file. By exploiting this flaw, a remote attacker can execute arbitrary code on the victim’s computer. This action is performed with the same permissions as the logged-in user, which could grant the attacker significant control over the system.
Who is at Risk?
This vulnerability directly impacts users of specific Dassault Systèmes products. You are at risk if you are using any of the following versions:
- eDrawings: Versions 2023 SP5 and earlier
- SOLIDWORKS Visualize: Versions 2023 SP5 and earlier
Given the widespread use of these applications in manufacturing, engineering, and design industries, the potential impact is significant. Any organization relying on this software should consider itself a potential target.
The Real-World Threat: Active Exploitation Confirmed
The urgency of this situation cannot be overstated. Federal cybersecurity agencies have added this vulnerability to their catalog of known exploited vulnerabilities. This confirmation means that malicious actors have developed a working exploit for this flaw and are actively using it in real-world attacks.
When a vulnerability is actively exploited, the timeline for patching shrinks dramatically. It is no longer a question of if you will be targeted, but when. Attackers often automate their scans for unpatched systems, making any internet-connected, vulnerable machine an easy target.
Your Immediate Action Plan: How to Protect Your Systems
Time is of the essence. Organizations must act swiftly to mitigate this threat. Follow these crucial steps to secure your environment.
1. Identify Affected Software
Conduct an immediate inventory of all systems running Dassault Systèmes software. Pinpoint every workstation that has SOLIDWORKS Visualize or eDrawings installed and verify their version numbers to determine if they fall within the vulnerable range (2023 SP5 and earlier).
2. Apply Patches Immediately
Dassault Systèmes has already released security updates to address this vulnerability. The fixes were included in versions released in April 2024. Updating your software to the latest version is the most critical step you can take. Ensure you install a version that is explicitly stated to contain the fix for CVE-2023-37965. Do not delay this process.
3. Practice Enhanced Cyber Hygiene
While patching is the ultimate solution, reinforcing good security practices provides an essential layer of defense:
- Be Cautious with Files: Instruct all users to be extremely wary of opening
.jtfiles or other design files from untrusted or unsolicited sources, such as unexpected emails. - Limit User Privileges: Ensure users do not operate with administrative privileges for their daily tasks. This can limit the damage an attacker can do if they successfully execute malicious code.
- Use Endpoint Security: A modern antivirus or endpoint detection and response (EDR) solution may help detect and block malicious activity resulting from an exploit.
Why This Matters for Your Organization
A remote code execution (RCE) vulnerability is a worst-case scenario. If an attacker successfully exploits this flaw, they could:
- Steal sensitive intellectual property, including proprietary designs, client data, and trade secrets.
- Install ransomware and hold your organization’s data hostage.
- Deploy spyware to monitor user activity and steal credentials.
- Use the compromised machine as a pivot point to move laterally across your network and attack other systems.
The potential for financial loss, reputational damage, and operational disruption is immense. Protecting your systems from this known and active threat should be a top priority for your IT and security teams. Do not wait for an incident to occur—patch your systems now.
Source: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-dassault-rce-vulnerability/
