CVE-2024-1848
📋 TL;DR
Multiple memory corruption vulnerabilities in SOLIDWORKS Desktop 2024 allow arbitrary code execution when opening malicious CAD files. Attackers can exploit these flaws by tricking users into opening specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B, or X_T files. Organizations using SOLIDWORKS 2024 for engineering and design work are affected.
💻 Affected Systems
- SOLIDWORKS Desktop
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the affected workstation, enabling lateral movement, data theft, and persistent access.
Likely Case
Local privilege escalation leading to malware installation, data exfiltration, or ransomware deployment on individual engineering workstations.
If Mitigated
Contained impact limited to the user's session if proper application sandboxing and least privilege controls are implemented.
🎯 Exploit Status
Exploitation requires user interaction to open malicious files. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patch version
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Visit the Dassault Systèmes vulnerability advisory page.
2. Download the latest SOLIDWORKS 2024 update.
3. Install the update following vendor instructions.
4. Restart the system.
🔧 Temporary Workarounds
File Type Restriction
Windows: Block or restrict opening of vulnerable file types through application controls or group policy.
Application Sandboxing
Windows: Run SOLIDWORKS in a sandboxed environment to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement strict file validation policies to block untrusted CAD files
- Run SOLIDWORKS with minimal user privileges and in isolated network segments
🔍 How to Verify
Check if Vulnerable:
Check the SOLIDWORKS version under Help > About SOLIDWORKS. If the version is 2024, the system is vulnerable.
Check Version:
Not applicable - check via the SOLIDWORKS GUI under Help > About
Verify Fix Applied:
Verify the SOLIDWORKS version after the update and confirm it is no longer the 2024 base version.
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from SOLIDWORKS.exe
- Multiple failed file parsing attempts
- Memory access violations in application logs
Network Indicators:
- Unexpected outbound connections from SOLIDWORKS workstations
- File downloads to engineering systems from untrusted sources
SIEM Query:
Process Creation where Image contains 'solidworks.exe' AND CommandLine contains suspicious file extensions
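Added example (not part of the original advisory or any vendor tooling): one way to turn the log indicators and the SIEM query above into a concrete check over process-creation events. The event field names follow Sysmon Event ID 1; the untrusted directory list, the script-host list, the `sldworks.exe` image name and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# File extensions listed in this advisory's TL;DR.
CAD_EXTS = {".catpart", ".dwg", ".dxf", ".ipt", ".jt", ".sat", ".slddrw",
            ".sldprt", ".stl", ".stp", ".x_b", ".x_t"}
# Assumption: the image name used on this page, plus sldworks.exe, the file
# name of the installed main executable. Confirm against your own endpoints.
SW_IMAGES = {"solidworks.exe", "sldworks.exe"}
# Assumption: directories treated as untrusted file origins (lowercase).
UNTRUSTED_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\inetcache\\")
# Assumption: child processes a CAD application has no routine reason to start.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def cad_args(command_line):
    """Return command-line arguments whose extension is in CAD_EXTS."""
    tokens = [q or bare for q, bare in re.findall(r'"([^"]+)"|(\S+)', command_line)]
    return [t for t in tokens if ntpath.splitext(t)[1].lower() in CAD_EXTS]

def classify(event):
    """Return the reasons one process-creation event deserves review."""
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    reasons = []
    if image in SW_IMAGES:
        for path in cad_args(event["CommandLine"]):
            if any(d in path.lower() for d in UNTRUSTED_DIRS):
                reasons.append("cad-file-from-untrusted-path: " + path)
    if parent in SW_IMAGES and image in SCRIPT_HOSTS:
        reasons.append("script-host-child-of-solidworks")
    return reasons

# Constructed sample events (Sysmon Event ID 1 field names), not real telemetry.
SW = r"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\SLDWORKS.exe"
SAMPLE_EVENTS = [
    {"Image": SW, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": '"' + SW + r'" "C:\Users\eng1\Downloads\bracket_rev2.SLDPRT"'},
    {"Image": SW, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": '"' + SW + r'" "D:\Projects\pump\housing.sldprt"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SW,
     "CommandLine": "cmd.exe /c echo test"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ntpath.basename(ev["Image"]), classify(ev))
```

Matching on extension alone would fire on every routine file open at an engineering workstation, so the check narrows to files opened from untrusted locations and to script hosts spawned by the CAD process.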