CVE-2024-1847
📋 TL;DR
Multiple memory corruption vulnerabilities in eDrawings (SOLIDWORKS 2023-2024) allow arbitrary code execution when opening malicious CAD files. Attackers can exploit these flaws to take control of affected systems. Users of SOLIDWORKS 2023 through 2024 are vulnerable.
💻 Affected Systems
- eDrawings
- SOLIDWORKS
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control, data theft, ransomware deployment, and lateral movement within networks.
Likely Case
Malware installation, data exfiltration, or system disruption through crafted CAD files sent via email or downloaded.
If Mitigated
Limited impact with proper file validation, user awareness, and network segmentation preventing successful exploitation.
🎯 Exploit Status
Exploitation requires user interaction: the victim must open a malicious file. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Visit the Dassault Systèmes vulnerability advisory page
2. Download and install the latest security updates for your SOLIDWORKS version
3. Restart affected systems after patching
🔧 Temporary Workarounds
File Type Restriction
Windows: Block or restrict opening of vulnerable CAD file types (.CATPART, .IPT, .JT, .SAT, .STL, .STP, .X_B, .X_T) from untrusted sources
Application Control
Windows: Use application whitelisting to prevent unauthorized execution of eDrawings/SOLIDWORKS
🧯 If You Can't Patch
- Implement strict email filtering for CAD attachments
- Train users to never open CAD files from untrusted sources
- Isolate SOLIDWORKS systems on segmented networks
- Use virtualization/sandboxing for CAD file processing
🔍 How to Verify
Check if Vulnerable:
Check the SOLIDWORKS version in Help > About SOLIDWORKS. If the version is 2023 or 2024, the system is vulnerable.
Check Version:
In SOLIDWORKS: Help > About SOLIDWORKS
Verify Fix Applied:
Verify installed version is updated beyond vulnerable releases per vendor advisory. Test opening known safe CAD files.
📡 Detection & Monitoring
Log Indicators:
- Unexpected eDrawings/SOLIDWORKS crashes
- Process creation from eDrawings with suspicious parameters
- File access to CAD files from unusual locations
Network Indicators:
- CAD file downloads from untrusted sources
- Outbound connections from SOLIDWORKS processes
SIEM Query:
Process: eDrawings.exe AND (EventID: 1000 OR ParentProcess: cmd.exe OR CommandLine: *CATPART* OR CommandLine: *IPT*)
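The query above, written out as triage logic over constructed sample events (an added example, not part of the original advisory). It goes beyond the query by checking all eight file types listed under File Type Restriction rather than only CATPART and IPT; the event field names and sample paths are assumptions, not a real log schema.

```python
import re

# Extensions the advisory lists as vulnerable CAD file types.
CAD_EXTS = ("catpart", "ipt", "jt", "sat", "stl", "stp", "x_b", "x_t")
# Match ".ext" only at the end of a path token, so ".stl" does not hit ".stlx".
EXT_RE = re.compile(r"\.(%s)(?=$|[\s\"'])" % "|".join(CAD_EXTS), re.I)

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path ('' if missing)."""
    return (path or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()

def match(event):
    """Return the reasons this event matches the query, empty list if none."""
    if basename(event.get("image")) != "edrawings.exe":
        return []
    reasons = []
    if event.get("event_id") == 1000:  # Windows Application Error (crash)
        reasons.append("application crash")
    if basename(event.get("parent_image")) == "cmd.exe":
        reasons.append("parent is cmd.exe")
    m = EXT_RE.search(event.get("command_line") or "")
    if m:
        reasons.append("opens ." + m.group(1).lower())
    return reasons

# Constructed sample events; field names and paths are assumed for illustration.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\eDrawings\eDrawings.exe", "event_id": 1000},
    {"image": r"C:\Apps\eDrawings.exe", "event_id": 1,
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'eDrawings.exe "C:\Users\a\Downloads\bracket.X_T"'},
    {"image": r"C:\Apps\eDrawings.exe", "event_id": 1,
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'eDrawings.exe "C:\work\notes.stlx"'},
    {"image": r"C:\Windows\notepad.exe", "event_id": 1000},
]

def triage(events):
    """Return (index, reasons) for every event that matches."""
    return [(i, r) for i, e in enumerate(events) if (r := match(e))]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS):
        print(idx, ", ".join(reasons))
```

Matching on the file-name suffix rather than a bare substring avoids the false positives a wildcard such as *IPT* produces on unrelated command lines.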