CVE-2024-3300 Scanner

CVE-2024-3300 Scanner - Remote Code Execution (RCE) vulnerability in Delmia Apriso

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 6 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Delmia Apriso is an advanced manufacturing execution system used widely across the industry for improving operational production processes. It is implemented by companies to optimize manufacturing activities and streamline workflows from planning to shop floor operations. The software monitors real-time operations and aligns them with business strategies, enabling enhanced visibility and control over manufacturing practices. Delmia Apriso is typically utilized by manufacturing corporations seeking automation, efficiency, and data-driven insights for decision-making. Industries employing this platform range from automotive and aerospace to defense and consumer goods. This product is designed to facilitate seamless operations, enhance productivity, and provide a competitive edge by enabling integrated manufacturing solutions.

Delmia Apriso is affected by a remote code execution (RCE) vulnerability caused by unsafe .NET object deserialization. When serialized objects are deserialized unsafely, the flaw allows unauthorized code execution. Attackers can leverage it to execute arbitrary commands, potentially gaining unauthorized access to system resources and sensitive data. The vulnerability is critical because it can be exploited before authentication, so no user credentials are required. Consequently, the integrity, confidentiality, and availability of the system could be severely compromised. Identifying and mitigating such vulnerabilities is crucial to safeguarding systems from potential breaches and maintaining operational security within the organization.

Delmia Apriso portals are vulnerable at specific endpoints, notably where request data is deserialized. The 'apriso/portal/kiosk/querylogin.aspx' endpoint can be manipulated through crafted payloads to achieve remote command execution. By embedding malicious serialized objects within the HTTP request, attackers can trigger code execution with privileges that the system's intended configuration does not permit. The 'EncryptedLogonInfo' parameter is the primary vector used for injecting the payload. The flaw is the system's failure to adequately validate and handle serialized data before deserializing it.
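For log review, the following added example (not part of the original page or of any vendor tooling) lists requests that reach the endpoint named above and could carry the 'EncryptedLogonInfo' parameter. It assumes IIS W3C extended logs containing the fields shown in the constructed sample; the function name and sample log lines are illustrative.

```python
from urllib.parse import parse_qs

# Endpoint and parameter named on this page (compared case-insensitively).
ENDPOINT = "/apriso/portal/kiosk/querylogin.aspx"
PARAM = "encryptedlogoninfo"

# Constructed sample log (assumed IIS W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs-username sc-status
2024-05-01 10:00:01 GET /apriso/portal/default.aspx - 192.0.2.10 PLANT\\op1 200
2024-05-01 10:02:13 GET /Apriso/Portal/Kiosk/QueryLogin.aspx EncryptedLogonInfo=AAAA 198.51.100.7 - 500
2024-05-01 10:02:15 POST /apriso/portal/kiosk/querylogin.aspx - 198.51.100.7 - 200
2024-05-01 10:05:40 GET /apriso/portal/kiosk/querylogin.aspx - 192.0.2.10 - 200
"""

def find_suspect_requests(log_text):
    """Return one dict per request to ENDPOINT that could carry PARAM."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        query = row.get("cs-uri-query", "-")
        params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        if PARAM in params:
            reason = "parameter in query string"
        elif row.get("cs-method") == "POST":
            reason = "POST body not logged, parameter may be present"
        else:
            continue                    # plain page load without the parameter
        hits.append({"when": f"{row.get('date')} {row.get('time')}",
                     "client": row.get("c-ip"), "status": row.get("sc-status"),
                     "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

IIS does not record request bodies, so POST hits are leads for correlation with proxy or WAF logs rather than confirmed parameter use.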

When exploited, the remote code execution vulnerability in Delmia Apriso could lead to several severe consequences, including unauthorized access to system controls and data leakage. Attackers may manipulate the execution flow, install malware, extract valuable information, or perform additional attacks from within the breached environment. Such actions could result in operational disruptions, financial losses, data theft, legal ramifications, and damage to the organization’s reputation. Efforts must be made to swiftly address such vulnerabilities through patches and enhanced security practices to safeguard sensitive enterprise systems.
