CVE-2022-41177 – This vulnerability in SAP 3D Visual Enterprise ... (How to Fix)

Q: What is the severity of CVE-2022-41177?

CVE-2022-41177 has a CVSS score of 7.8 (HIGH). This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious IGES file. Attackers can exploit improper memory management to execute arbitrary code on the victim's system. Only version 9 of this specific SAP software is affected.

📋 TL;DR

This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious IGES file. Attackers can exploit improper memory management to execute arbitrary code on the victim's system. Only version 9 of this specific SAP software is affected.

💻 Affected Systems

Products:

SAP 3D Visual Enterprise Author

Versions: Version 9 only

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user interaction to open malicious IGES file. CoreCadTranslator.exe component is vulnerable.

📦 What is this software?

3d Visual Enterprise Author by Sap

View all CVEs affecting 3d Visual Enterprise Author →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the victim's computer, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to installation of malware, data exfiltration, or persistence mechanisms on the affected workstation.

🟢

If Mitigated

No impact if users don't open untrusted IGES files or if the software is patched.

🌐 Internet-Facing: LOW with brief explanation

🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3245929

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3245929

Restart Required: Yes

Instructions:

1. Download patch from SAP Support Portal. 2. Apply SAP Security Note 3245929. 3. Restart affected systems. 4. Verify installation.

🔧 Temporary Workarounds

Restrict IGES file handling

windows

Block or restrict opening of .igs and .iges files through application control policies

User awareness training

all

Train users not to open IGES files from untrusted sources

🧯 If You Can't Patch

Implement application whitelisting to block CoreCadTranslator.exe execution
Use email/web gateways to block IGES file attachments from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check if SAP 3D Visual Enterprise Author version 9 is installed without Security Note 3245929 applied

Check Version:

Check application version in About dialog or registry

Verify Fix Applied:

Verify SAP Security Note 3245929 is installed and version is updated

📡 Detection & Monitoring

Log Indicators:

Failed attempts to open corrupted IGES files
Unexpected CoreCadTranslator.exe crashes

Network Indicators:

IGES file downloads from suspicious sources

SIEM Query:

Process creation: CoreCadTranslator.exe with suspicious parent processes or command line arguments

📊 Metadata

CVE ID: CVE-2022-41177

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: October 11, 2022

Last Updated: February 25, 2026

🔗 References

https://launchpad.support.sap.com/#/notes/3245929 Permissions Required,Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
https://launchpad.support.sap.com/#/notes/3245929 Permissions Required,Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-41177, you might also want to check these: