CVE-2023-2140

7.5 HIGH

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in DELMIA Apriso, Dassault Systèmes' manufacturing operations software. Unauthenticated attackers can make the application server issue requests to arbitrary internal or external systems on their behalf, reaching protected resources and internal services that are not exposed directly. Organizations running DELMIA Apriso Release 2017 through Release 2022 are affected.

💻 Affected Systems

Products:
  • DELMIA Apriso
Versions: Release 2017 through Release 2022
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within the affected version range are vulnerable unless specifically patched.

📦 What is this software?

DELMIA Apriso is Dassault Systèmes' manufacturing operations management (MES/MOM) platform, used to run production, quality, warehouse and maintenance processes on the shop floor. It is typically deployed as a web application on Windows Server with back-end connections to databases, directory services and other plant systems, which is what makes a request-forgery flaw in it valuable to an attacker.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal systems, exfiltrate sensitive data, pivot to other network segments, or abuse the server's trusted position to attack third-party systems.

🟠

Likely Case

Information disclosure from internal services, scanning of internal networks, or abuse of the server to attack other systems.

🟢

If Mitigated

Limited impact if egress from the server is restricted to known destinations and internal services do not trust a request merely because it originates from the application server.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation allows direct attacks from the internet if the application is exposed.
🏢 Internal Only: MEDIUM - Internal attackers could still abuse the vulnerability to pivot or access restricted systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are typically low-complexity to exploit once the parameter that accepts a URL or hostname is identified: the attacker supplies an internal address and reads whatever the server returns, or uses timing and error differences to map hosts and ports it cannot read directly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Dassault Systèmes advisory for specific patched versions

Vendor Advisory: https://www.3ds.com/vulnerability/advisories

Restart Required: Yes

Instructions:

1. Review the Dassault Systèmes security advisory for CVE-2023-2140.
2. Apply the recommended patch or update for your release.
3. Restart the DELMIA Apriso application services.
4. Verify the fix: confirm the installed version is a patched one and re-test that the server no longer fetches attacker-supplied URLs.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict outbound network access from the DELMIA Apriso server to only the destinations it needs (database, directory services, approved integration endpoints). Block everything else at the host firewall and the network edge, including link-local addresses such as cloud metadata endpoints.

Web Application Firewall (all platforms)

Deploy WAF rules that inspect inbound request parameters for URLs or hostnames pointing at loopback, private or link-local addresses. A WAF sees only inbound traffic and cannot block the server's own outbound requests, so treat it as a stopgap: encoded addresses, DNS names that resolve to internal hosts and redirects from allowed sites can get past pattern matching.

🧯 If You Can't Patch

  • Implement strict network egress filtering so the server can only reach an explicit allow-list of destinations; deny by default and log denied attempts
  • Route the server's outbound HTTP through an egress (forward) proxy that enforces the allow-list, rejects literal IP destinations and resolves every hostname before connecting so that names pointing at internal addresses are refused
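What the egress policy in the two bullets above has to enforce, as an added Python example (not DELMIA Apriso code or Dassault Systèmes guidance): a destination check that an egress proxy or URL-fetch wrapper would apply before connecting. The allow-listed hostnames, the stand-in DNS table and the addresses are constructed for illustration.

```python
"""
Destination policy for an egress (forward) proxy or URL-fetch wrapper in front
of the application server's outbound HTTP. Added example, not DELMIA Apriso
code; the allow-list and the stand-in DNS table are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
# Constructed: the only external names the server has a business reason to call.
ALLOWED_HOSTS = {"api.partner.example", "reports.partner.example"}

# Constructed stand-in for DNS so the example runs offline. A real policy
# resolves with socket.getaddrinfo() and applies the same checks to every answer.
FAKE_DNS = {
    "api.partner.example": ["203.0.113.10"],
    # Allowed name whose DNS now points at an internal host (rebinding/compromise).
    "reports.partner.example": ["203.0.113.50", "10.0.5.20"],
}

# Addresses the application server must never be made to reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(ip_text):
    """True if the address falls in any blocked range (IPv4-mapped IPv6 unwrapped)."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # ::ffff:10.0.0.1 is 10.0.0.1 on the wire
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_destination(url, dns=FAKE_DNS):
    """Return (allowed, reason, pinned_ip). The proxy connects to pinned_ip,
    not to a fresh lookup, so the answer cannot change between check and use."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", None
    host = parts.hostname
    if not host:
        return False, "no host", None
    if parts.username or parts.password:
        return False, "credentials in URL", None
    try:
        ipaddress.ip_address(host)   # covers 127.0.0.1, [::1], 169.254.169.254, ...
        return False, "literal IP destinations are not allowed", None
    except ValueError:
        pass                          # a name: continue with the allow-list
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allow-list", None
    answers = dns.get(host, [])
    if not answers:
        return False, f"{host} did not resolve", None
    for addr in answers:              # every answer, not just the first
        if is_internal(addr):
            return False, f"{host} resolves to internal address {addr}", None
    return True, "ok", answers[0]


def check_redirect_chain(urls, dns=FAKE_DNS):
    """Apply the policy to each hop of a redirect chain; an allowed host
    redirecting to an internal address is the classic SSRF pivot."""
    for hop, url in enumerate(urls):
        allowed, reason, _ = check_destination(url, dns)
        if not allowed:
            return False, f"hop {hop}: {reason}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://api.partner.example/v1/orders",
              "https://169.254.169.254/latest/meta-data/",
              "https://reports.partner.example/export"):
        print(u, check_destination(u))
```

The policy is deny-by-default on hostnames rather than block-list-only on addresses, because the block-list alone is defeated by any attacker-controlled name that resolves to an internal address; the block-list still runs on every resolved answer to catch an allow-listed name whose DNS has been redirected.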

🔍 How to Verify

Check if Vulnerable:

Check DELMIA Apriso version against affected range (2017-2022). If unpatched and within range, assume vulnerable.

Check Version:

Check within DELMIA Apriso administration interface or installation documentation

Verify Fix Applied:

Verify the installed version is one the vendor advisory lists as fixed, then re-test from an authorized test account: supply a URL pointing at an internal host or a listener you control in any input the application fetches, and confirm no request arrives.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected outbound HTTP requests from DELMIA Apriso server
  • Requests to internal IP ranges or unusual domains

Network Indicators:

  • DELMIA Apriso server making requests to unexpected destinations
  • Pattern of requests to internal services from the application server

SIEM Query:

source_ip="DELMIA_SERVER_IP" AND (dest_ip IN [INTERNAL_RANGES] OR dest_domain NOT IN [ALLOWED_DOMAINS])
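The log and network indicators above, worked as an added Python example (not from the page's author or the vendor) over constructed Windows Firewall log lines in the pfirewall.log layout, since the typical deployment is Windows Server. The application server address, the expected peers and the scan threshold are assumptions; the logic mirrors the SIEM query and adds a count of distinct internal hosts to surface internal scanning.

```python
"""
Detection over Windows Firewall log lines (pfirewall.log field order) for
outbound connections from the DELMIA Apriso server. Added example with
constructed lines; addresses, peers and threshold are assumptions.
"""
import ipaddress

APRISO_SERVER = "10.0.1.15"                 # assumed application server address
# Assumed legitimate outbound peers: SQL Server and a domain controller.
EXPECTED_PEERS = {("10.0.2.30", 1433), ("10.0.0.10", 389), ("10.0.0.10", 88)}
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
METADATA_RANGE = ipaddress.ip_network("169.254.0.0/16")   # link-local / cloud metadata
SCAN_THRESHOLD = 5     # distinct unexpected internal hosts -> internal scanning

# Constructed sample in the pfirewall.log field order.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-02 10:15:03 ALLOW TCP 10.0.1.15 10.0.2.30 51234 1433 0 - 0 0 0 - - - SEND
2024-05-02 10:15:09 ALLOW TCP 10.0.1.15 169.254.169.254 51240 80 0 - 0 0 0 - - - SEND
2024-05-02 10:15:11 ALLOW TCP 10.0.1.15 10.0.5.20 51241 8080 0 - 0 0 0 - - - SEND
2024-05-02 10:15:12 ALLOW TCP 10.0.1.15 10.0.5.21 51242 8080 0 - 0 0 0 - - - SEND
2024-05-02 10:15:12 ALLOW TCP 10.0.1.15 10.0.5.22 51243 8080 0 - 0 0 0 - - - SEND
2024-05-02 10:15:13 ALLOW TCP 10.0.1.15 10.0.5.23 51244 8080 0 - 0 0 0 - - - SEND
2024-05-02 10:15:13 ALLOW TCP 10.0.1.15 10.0.5.24 51245 8080 0 - 0 0 0 - - - SEND
2024-05-02 10:15:20 ALLOW TCP 10.0.1.15 203.0.113.9 51250 443 0 - 0 0 0 - - - SEND
2024-05-02 10:15:21 ALLOW TCP 192.168.7.4 10.0.1.15 40000 443 0 - 0 0 0 - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield (time, src, dst, dport, path) for allowed data lines; skip headers."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 17 or f[2] != "ALLOW":
            continue
        yield f[1], f[4], f[5], int(f[7]), f[16]


def classify(dst, dport):
    """Return a reason string for an unexpected destination, or None if expected."""
    if (dst, dport) in EXPECTED_PEERS:
        return None
    ip = ipaddress.ip_address(dst)
    if ip in METADATA_RANGE:
        return "link-local/metadata endpoint"
    if any(ip in net for net in INTERNAL_RANGES):
        return "internal host not in allow-list"
    return "external destination not in allow-list"


def analyze(text):
    """Flag outbound connections from the app server that fall outside the
    allow-list and report whether the spread of internal targets looks like a scan."""
    flagged = []
    internal_targets = set()
    for when, src, dst, dport, path in parse_firewall_log(text):
        if src != APRISO_SERVER or path != "SEND":
            continue                       # only outbound traffic from the app server
        reason = classify(dst, dport)
        if reason is None:
            continue
        flagged.append((when, dst, dport, reason))
        if reason == "internal host not in allow-list":
            internal_targets.add(dst)
    return {
        "flagged": flagged,
        "distinct_internal_targets": len(internal_targets),
        "scan_suspected": len(internal_targets) >= SCAN_THRESHOLD,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for when, dst, dport, reason in result["flagged"]:
        print(f"{when} {APRISO_SERVER} -> {dst}:{dport}  {reason}")
    print("internal scanning suspected:", result["scan_suspected"])
```

Firewall logs carry no hostnames, so the domain clause of the SIEM query has to come from DNS or proxy logs joined on the same source address and time window; the allow-list here is by (address, port) pair, which is what a host firewall can actually enforce.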

🔗 References

  • Dassault Systèmes security advisories: https://www.3ds.com/vulnerability/advisories