CVE-2022-41172

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution when a user opens a malicious AutoCAD DXF file in SAP 3D Visual Enterprise Author. Improper memory management while the file is processed can be exploited to trigger a stack-based buffer overflow or the reuse of a dangling pointer. Organizations using SAP 3D Visual Enterprise Author version 9 are affected.

💻 Affected Systems

Products:
  • SAP 3D Visual Enterprise Author
Versions: Version 9
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where users open DXF files with the vulnerable TeighaTranslator.exe component.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the user running the application, potentially leading to data theft, lateral movement, or ransomware deployment.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious DXF files from phishing emails or compromised websites.

🟢

If Mitigated

No impact if users don't open untrusted DXF files or if the application is patched.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but these could be delivered via web downloads or email attachments.
🏢 Internal Only: HIGH - Internal users frequently exchange CAD files, and social engineering could trick users into opening malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. The vulnerability involves memory corruption which requires careful crafting of exploit payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3245929

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3245929

Restart Required: Yes

Instructions:

1. Download the patch from SAP Note 3245929.
2. Apply the patch according to SAP's instructions.
3. Restart the application and any related services.

🔧 Temporary Workarounds

Restrict DXF file handling

windows

Configure the system to open DXF files with alternative software or block DXF files from untrusted sources.

Application control

windows

Use application whitelisting to prevent execution of TeighaTranslator.exe from untrusted locations.

🧯 If You Can't Patch

  • Implement strict email filtering to block DXF attachments from external sources.
  • Educate users to never open DXF files from untrusted sources and use alternative CAD software for viewing.

🔍 How to Verify

Check if Vulnerable:

Check if SAP 3D Visual Enterprise Author version 9 is installed without SAP Note 3245929 applied.

Check Version:

Check application version via Help > About in SAP 3D Visual Enterprise Author interface.

Verify Fix Applied:

Verify that SAP Note 3245929 is applied and check the application version in About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Process creation events for TeighaTranslator.exe with suspicious parent processes
  • Application crash logs from SAP 3D Visual Enterprise Author

Network Indicators:

  • Downloads of DXF files from suspicious sources followed by application execution

SIEM Query:

Process Creation where Image contains 'TeighaTranslator.exe' AND CommandLine contains '.dxf'
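
The log indicators and SIEM query above, applied to process-creation records as an added example (not part of the advisory or of SAP's guidance). Field names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage); the suspicious-parent list, the untrusted-path hints, the `Host` field and the sample events are assumptions constructed for illustration.

```python
import ntpath

TARGET = "teighatranslator.exe"
# Assumption: parents that usually indicate mail or web delivery of the file.
# The advisory does not name specific parents; tune this for your environment.
SUSPICIOUS_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: locations where attachments and downloads commonly land.
UNTRUSTED_HINTS = ("\\downloads\\", "\\temp\\", "\\content.outlook\\")

def score_event(event):
    """Return (severity, reasons) for a relevant record, else None."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").lower()
    # Same condition as the SIEM query: the translator started on a DXF file.
    if ntpath.basename(image) != TARGET or ".dxf" not in cmd:
        return None
    reasons = ["TeighaTranslator.exe started with a DXF argument"]
    parent = ntpath.basename(event.get("ParentImage", "").lower())
    if parent in SUSPICIOUS_PARENTS:
        reasons.append("parent process is " + parent)
    if any(h in cmd for h in UNTRUSTED_HINTS):
        reasons.append("DXF path is in a download/attachment location")
    if any(h in image for h in UNTRUSTED_HINTS):
        reasons.append("translator binary runs from an untrusted location")
    # One reason is normal CAD work; extra context raises the priority.
    return ("high" if len(reasons) > 1 else "info", reasons)

def triage(events):
    """Score every event and return (host, severity, reasons) for the hits."""
    hits = []
    for ev in events:
        scored = score_event(ev)
        if scored:
            hits.append((ev.get("Host", "?"), scored[0], scored[1]))
    return hits

# Constructed sample events; <install-dir> and <author-app> are placeholders.
TT = "C:\\<install-dir>\\TeighaTranslator.exe"
SAMPLE_EVENTS = [
    {"Host": "WS-01", "Image": TT, "ParentImage": "C:\\<install-dir>\\<author-app>.exe",
     "CommandLine": TT + " D:\\Projects\\bracket.dxf"},
    {"Host": "WS-02", "Image": TT, "ParentImage": "C:\\Office\\OUTLOOK.EXE",
     "CommandLine": TT + " C:\\Users\\a\\INetCache\\Content.Outlook\\X1\\invoice.dxf"},
    {"Host": "WS-03", "Image": "C:\\Windows\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "notepad.exe C:\\Users\\b\\Downloads\\part.dxf"},
    {"Host": "WS-04", "Image": TT, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": TT + " C:\\Users\\b\\Downloads\\part.dxf"},
]

if __name__ == "__main__":
    for host, severity, reasons in triage(SAMPLE_EVENTS):
        print(host, severity, "; ".join(reasons))
```

Events scored `info` are expected during normal CAD work and are most useful for correlation with the application crash logs listed above.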
