CVE-2024-10204
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious X_B or SAT files in eDrawings. It affects users of SOLIDWORKS 2024 through 2025 who open untrusted CAD files. The heap buffer overflow and uninitialized variable issues could lead to complete system compromise.
💻 Affected Systems
- SOLIDWORKS eDrawings
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with administrative privileges, data theft, ransomware deployment, and lateral movement across networks.
Likely Case
Local privilege escalation leading to data exfiltration, persistence establishment, or credential harvesting from the compromised system.
If Mitigated
Limited impact due to file type restrictions, user awareness, and endpoint protection blocking malicious files.
🎯 Exploit Status
Requires user to open malicious file. No authentication needed beyond file access. Heap manipulation requires some sophistication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Dassault Systèmes advisory for specific patch versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Visit Dassault Systèmes security advisory page
2. Download latest SOLIDWORKS update
3. Install update following vendor instructions
4. Restart system to complete installation
🔧 Temporary Workarounds
File Type Restriction
Block X_B and SAT file extensions at email gateways and web proxies (all platforms)
Application Control
Restrict eDrawings execution to trusted users only (Windows)
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized eDrawings execution
- Educate users to never open CAD files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check SOLIDWORKS version in Help > About. If version is 2024 or 2025, assume vulnerable until patched.
Check Version:
In SOLIDWORKS: Help > About SOLIDWORKS
Verify Fix Applied:
Verify installed version is later than vulnerable range and check vendor advisory for specific fixed versions.
📡 Detection & Monitoring
Log Indicators:
- Unexpected eDrawings crashes
- Process creation from eDrawings with unusual parameters
- File access to X_B or SAT files from untrusted locations
Network Indicators:
- Downloads of CAD files from untrusted sources
- Outbound connections from eDrawings process
SIEM Query:
Process:edrawings.exe AND (FileExtension:.x_b OR FileExtension:.sat) AND SourceIP:External
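
The log indicators above become far more useful when correlated than when alerted on one by one. The following is an added example, not part of the original advisory or any vendor tooling: it flags a crash, child process, or outbound connection from eDrawings shortly after it opened an X_B or SAT file from an untrusted location. The event schema, the untrusted-path markers, the 120-second window and the sample events are all assumptions constructed for illustration.

```python
import ntpath

CAD_EXTS = {".x_b", ".sat"}   # file types named in this advisory
VIEWER = "edrawings.exe"      # process name used in the SIEM query above
# Assumed markers of untrusted origin; tune these to your environment.
UNTRUSTED = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\content.outlook\\")
WINDOW = 120                  # assumed correlation window, in seconds
FOLLOW_UPS = {"proc_create": "child process spawned",
              "crash": "viewer crashed",
              "net_conn": "outbound connection"}

def is_untrusted_cad(path):
    """True for an X_B/SAT file whose path contains an untrusted marker."""
    p = path.lower()
    return ntpath.splitext(p)[1] in CAD_EXTS and any(m in p for m in UNTRUSTED)

def actor(ev):
    """Process the event is attributed to: the parent for proc_create, else the image."""
    field = "parent" if ev["type"] == "proc_create" else "image"
    return ntpath.basename(ev.get(field, "")).lower()

def correlate(events):
    """Return (host, reason, file) for viewer activity within WINDOW of an untrusted open."""
    last_open = {}            # host -> (timestamp, path) of latest untrusted CAD open
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if actor(ev) != VIEWER:
            continue
        if ev["type"] == "file_open" and is_untrusted_cad(ev["path"]):
            last_open[ev["host"]] = (ev["ts"], ev["path"])
        elif ev["type"] in FOLLOW_UPS and ev["host"] in last_open:
            opened_at, path = last_open[ev["host"]]
            if ev["ts"] - opened_at <= WINDOW:
                alerts.append((ev["host"], FOLLOW_UPS[ev["type"]], path))
    return alerts

EXE = r"C:\Apps\eDrawings.exe"   # constructed install path
SAMPLE = [                       # constructed events, not real telemetry
    {"ts": 100, "host": "ws1", "type": "file_open", "image": EXE, "path": r"C:\Users\a\Downloads\bracket.x_b"},
    {"ts": 130, "host": "ws1", "type": "proc_create", "image": r"C:\Windows\System32\cmd.exe", "parent": EXE},
    {"ts": 900, "host": "ws1", "type": "net_conn", "image": EXE},   # outside the window
    {"ts": 200, "host": "ws2", "type": "file_open", "image": EXE, "path": r"D:\Projects\gear.sat"},
    {"ts": 210, "host": "ws2", "type": "crash", "image": EXE},      # trusted path, no alert
    {"ts": 300, "host": "ws3", "type": "file_open", "image": EXE, "path": r"C:\Users\b\AppData\Local\Temp\housing.SAT"},
    {"ts": 310, "host": "ws3", "type": "crash", "image": EXE},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

Map the `type` values to whatever your EDR or Sysmon pipeline emits for file opens, process creation, application crashes and network connections before using this logic.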