CVE-2024-3300 Scanner
CVE-2024-3300 Scanner - Java Deserialization (Remote Code Execution) vulnerability in Delmia Apriso
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 4 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Delmia Apriso is a comprehensive manufacturing operations management software developed by Dassault Systèmes. It is used globally across industries such as automotive, aerospace, and industrial equipment manufacturing to streamline and digitize production and quality operations. The platform helps unify manufacturing operations across different sites, offering modules for quality control, logistics, and production. It is typically deployed in environments requiring high performance and scalability. The software integrates with various enterprise systems including ERP and PLM platforms. Due to its widespread use in industrial environments, any security vulnerabilities in Delmia Apriso can significantly affect business operations.
The scanner detects an unsafe .NET object deserialization vulnerability in Delmia Apriso. This vulnerability allows attackers to achieve remote code execution without requiring authentication. It exists in versions released from 2019 to 2024 and could be exploited via crafted requests sent to specific endpoints. Attackers leveraging this flaw can gain full control over the system where the software is hosted. Deserialization issues arise when user-controllable data is deserialized without proper validation. This vulnerability is classified as critical due to its ease of exploitation and severe consequences.
Technically, the vulnerability is found in the `/apriso/portal/kiosk/querylogin.aspx` endpoint. A malicious payload can be passed to the `EncryptedLogonInfo` parameter in a POST request. If successfully deserialized by the application, it leads to code execution. The detection mechanism checks for specific status codes and response content, such as a 302 redirect and the string “It works!” in the response. The affected versions include Delmia Apriso from Release 2019 to Release 2024. The issue arises from insecure handling of serialized .NET objects before user authentication.
If exploited, this vulnerability could result in full compromise of the target system. Attackers may gain unauthorized access to critical infrastructure and sensitive manufacturing data. It can lead to the disruption of manufacturing operations and manipulation of industrial processes. Further, this could serve as a pivot point for lateral movement across enterprise networks. The exploitation of such a vulnerability could result in significant financial losses and reputational damage. Organizations using affected versions are strongly advised to apply patches immediately.
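For asset owners who want to review past traffic to the endpoint described above, the following is an added example (not part of the original page and not the scanner's own code). It assumes the portal is served by IIS with W3C extended logging that records `cs-username` and `cs-bytes`; the sample log lines, the `hunt` function and the 1024-byte size threshold are constructed for illustration.

```python
ENDPOINT = "/apriso/portal/kiosk/querylogin.aspx"  # path named on this page

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status cs-bytes
2024-01-10 08:00:01 10.0.0.5 jdoe GET /apriso/portal/kiosk/querylogin.aspx - 200 412
2024-01-10 08:00:07 203.0.113.9 - POST /Apriso/Portal/Kiosk/QueryLogin.aspx - 302 6144
2024-01-10 08:00:09 10.0.0.5 jdoe POST /apriso/portal/default.aspx - 200 380
2024-01-10 08:01:30 203.0.113.9 - POST /apriso/portal/kiosk/querylogin.aspx - 500 5820
"""


def hunt(lines, min_body=1024):
    """Return POST requests to ENDPOINT, each with flags for triage.

    IIS does not log POST bodies, so EncryptedLogonInfo itself is not
    visible here; the flags only rank hits for manual review.
    min_body is an assumed threshold, tune it to normal login traffic.
    """
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-method") != "POST":
            continue
        if rec.get("cs-uri-stem", "").lower() != ENDPOINT:  # IIS paths are case-insensitive
            continue
        flags = []
        if rec.get("cs-username", "-") == "-":
            flags.append("unauthenticated")
        if rec.get("sc-status") == "302":
            flags.append("302-redirect")
        size = rec.get("cs-bytes", "")
        if size.isdigit() and int(size) >= min_body:
            flags.append("large-body")
        hits.append({"when": f"{rec.get('date')} {rec.get('time')}",
                     "src": rec.get("c-ip"), "status": rec.get("sc-status"),
                     "flags": flags})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(hit)
```

Hits are candidates for review, not confirmation of exploitation; correlate them with process-creation and outbound-connection telemetry from the web server host.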