CVE-2024-12090
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator on 3DEXPERIENCE R2024x allows attackers to inject malicious scripts that execute in users' browsers when viewing affected content. This affects all users of the vulnerable ENOVIA platform who access compromised data. Attackers can steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full system access, exfiltrate sensitive intellectual property, and deploy ransomware across the enterprise environment.
Likely Case
Attackers steal user session credentials, access confidential product designs and business data, and perform unauthorized actions within the ENOVIA platform.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users' browsers, preventing exploitation.
🎯 Exploit Status
Exploitation requires the attacker to have some level of access to inject malicious scripts into stored content. The vulnerability is in the web application layer.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patch version
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Review the Dassault Systèmes security advisory.
2. Download and apply the official patch from the Dassault Systèmes support portal.
3. Restart the ENOVIA application server.
4. Test functionality after patching.
🔧 Temporary Workarounds
Implement Content Security Policy
Deploy a strict Content Security Policy header to restrict the sources from which scripts may execute
Add the header "Content-Security-Policy: script-src 'self'" to web server responses
Input Validation Filter
Implement server-side input validation to sanitize user inputs before storage
Implement input sanitization in ENOVIA web controllers
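The two workarounds above rest on the same principle: stored text must never be emitted as live markup, and the browser must refuse scripts from anywhere but the application's own origin. The following added example (not ENOVIA code, not Dassault Systèmes' fix) shows the stored-XSS rendering pattern next to its output-encoded form, and a checker that parses a Content-Security-Policy value and confirms its effective script-src is actually strict. A CSP that still carries 'unsafe-inline' or a wildcard source gives no protection against stored XSS, so the checker goes slightly beyond the page by also treating nonces and 'strict-dynamic' as acceptable. All function names, the sample inputs and the header values are constructed for illustration.

```python
import html

# Hypothetical rendering helpers (not ENOVIA code). The first shows the
# stored-XSS pattern: user-supplied text concatenated straight into HTML.
# The second encodes on output, so whatever markup was stored stays inert.

def render_comment_unsafe(author: str, body: str) -> str:
    # Vulnerable: stored content is emitted verbatim into the page.
    return f"<div class='comment'><b>{author}</b>: {body}</div>"


def render_comment_safe(author: str, body: str) -> str:
    # Output encoding: html.escape turns <, >, &, " and ' into entities,
    # so a stored "<script>" renders as literal text, not as an element.
    return (
        f"<div class='comment'><b>{html.escape(author)}</b>: "
        f"{html.escape(body)}</div>"
    )


# Constructed header values: a weak policy beside the strict one from the page.
CSP_WEAK = "script-src 'self' 'unsafe-inline' *"
CSP_STRICT = "script-src 'self'"

# Source expressions that neutralise a script-src against injected markup.
_FORBIDDEN_SOURCES = {"'unsafe-inline'", "*", "data:", "'unsafe-eval'"}


def parse_csp(header_value: str) -> dict:
    """Split a CSP value ("dir src src; dir src") into {directive: [sources]}."""
    directives = {}
    for part in header_value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_script_src_is_strict(header_value: str) -> bool:
    """True when the effective script-src blocks inline scripts and does not
    fall back to wildcard, data: or 'unsafe-inline' sources.

    script-src inherits from default-src when absent, so both are checked.
    """
    directives = parse_csp(header_value)
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        # No script restriction at all: inline scripts run.
        return False
    lowered = [s.lower() for s in sources]
    if any(s in _FORBIDDEN_SOURCES for s in lowered):
        return False
    # Host wildcards such as https://* or *.example.com also undo the policy.
    if any(s.startswith("*") or "://*" in s for s in lowered):
        return False
    return True


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed sample stored text
    print("unsafe :", render_comment_unsafe("jdoe", payload))
    print("safe   :", render_comment_safe("jdoe", payload))
    print("weak CSP strict?  ", csp_script_src_is_strict(CSP_WEAK))
    print("strict CSP strict?", csp_script_src_is_strict(CSP_STRICT))
```

The checker is useful after deploying the workaround: fetch the response headers from the ENOVIA front end and run the value through `csp_script_src_is_strict` rather than trusting that the header was added. Pages that legitimately rely on inline scripts will break under `script-src 'self'`; the usual remedy is a per-response nonce (`'nonce-...'`) on the legitimate script tags, which the checker accepts.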
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) with XSS protection rules
- Disable user input fields that accept HTML/JavaScript content
🔍 How to Verify
Check if Vulnerable:
Test by attempting to inject script tags into user-input fields and checking if they execute when viewed
Check Version:
Check ENOVIA version through administration console or system information page
Verify Fix Applied:
After patching, attempt the same XSS injection tests and verify scripts no longer execute
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests with script tags in parameters
- Multiple failed XSS attempts in web server logs
Network Indicators:
- Outbound connections to suspicious domains from ENOVIA servers
- Unusual JavaScript payloads in HTTP traffic
SIEM Query:
source="web_server_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
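The SIEM query above matches the raw indicator strings, but browsers and attackers' tooling URL-encode request parameters, so "<script>" usually arrives in an access log as "%3Cscript%3E" and the literal-string query never fires. The added example below (not from the page or the vendor) applies the same four indicators to constructed combined-format access log lines after percent-decoding the request target, and then counts hits per client address to surface the "multiple attempts" pattern the page calls out. The log lines, client addresses and the /app/... paths are constructed samples, not ENOVIA's real endpoints.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined format). The paths and
# addresses are invented; the third and fourth entries carry encoded
# payloads that the literal SIEM query would not match.
SAMPLE_LOGS = [
    '10.0.0.5 - jdoe [12/Oct/2024:10:01:02 +0000] "POST /app/comments?text=hello+team HTTP/1.1" 200 512',
    '10.0.0.5 - jdoe [12/Oct/2024:10:01:40 +0000] "GET /app/index HTTP/1.1" 200 1024',
    '10.0.0.7 - - [12/Oct/2024:10:02:10 +0000] "POST /app/comments?text=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.7 - - [12/Oct/2024:10:02:11 +0000] "GET /app/search?q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 2048',
    '10.0.0.9 - - [12/Oct/2024:10:03:00 +0000] "GET /app/search?q=javascript%3Aalert(1) HTTP/1.1" 200 2048',
]

# Combined log format: ip ident user [timestamp] "method target protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)$'
)

# The same indicators as the SIEM query, tolerant of case and whitespace.
XSS_PATTERNS = {
    "<script>": re.compile(r"<\s*script", re.I),
    "javascript:": re.compile(r"javascript\s*:", re.I),
    "onerror=": re.compile(r"\bonerror\s*=", re.I),
    "onload=": re.compile(r"\bonload\s*=", re.I),
}


def decode_target(target: str, rounds: int = 3) -> str:
    """Percent-decode the request target, repeating to unwrap double encoding."""
    current = target
    for _ in range(rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def find_xss_indicators(lines) -> list:
    """Return one record per log line whose decoded target matches an indicator."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line: skip rather than silently mis-attribute
        decoded = decode_target(match.group("target"))
        matched = [name for name, pat in XSS_PATTERNS.items() if pat.search(decoded)]
        if matched:
            hits.append({
                "ip": match.group("ip"),
                "method": match.group("method"),
                "path": decoded.split("?", 1)[0],
                "indicators": matched,
            })
    return hits


def count_by_ip(hits) -> dict:
    """Aggregate hits per client address to spot repeated attempts."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = find_xss_indicators(SAMPLE_LOGS)
    for h in found:
        print(f"{h['ip']} {h['method']} {h['path']} -> {h['indicators']}")
    print("attempts per source:", count_by_ip(found))
```

Two limits worth knowing when adapting this to real ENOVIA logs: POST bodies are not in an access log, so stored-XSS payloads submitted as form data are only visible at the application or WAF layer, and a 200 status on a matched request tells you the payload was accepted, not that it was neutralised, which is exactly the case that needs a follow-up on the stored record.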