CVE-2024-23146

Q: What is the severity of CVE-2024-23146?

CVE-2024-23146 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code or cause crashes by tricking AutoCAD into processing malicious X_B and X_T files. It affects AutoCAD users who open untrusted CAD files. The vulnerability exists in pskernel.DLL and can be exploited without authentication.

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause crashes by tricking AutoCAD into processing malicious X_B and X_T files. It affects AutoCAD users who open untrusted CAD files. The vulnerability exists in pskernel.DLL and can be exploited without authentication.

💻 Affected Systems

Products:

Autodesk AutoCAD

Versions: Multiple versions prior to the security update

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All AutoCAD installations using affected versions are vulnerable by default when processing X_B or X_T files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠

Likely Case

Application crashes and denial of service when processing malicious files, with potential for limited code execution.

🟢

If Mitigated

Limited impact if users only open trusted files and AutoCAD runs with restricted privileges.

🌐 Internet-Facing: MEDIUM - Attackers could host malicious files online, but requires user interaction to open them.

🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious files, but no authentication is needed once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0009 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Restart Required: Yes

Instructions:

1. Open AutoCAD. 2. Navigate to Help > About. 3. Check for updates. 4. Install available security updates. 5. Restart AutoCAD.

🔧 Temporary Workarounds

Restrict file types

windows

Block or restrict opening of X_B and X_T files through group policy or application whitelisting.

Run with reduced privileges

all

Configure AutoCAD to run with limited user privileges to reduce impact of successful exploitation.

🧯 If You Can't Patch

Implement strict file handling policies: only open CAD files from trusted sources
Use application sandboxing or virtualization to isolate AutoCAD from critical systems

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against affected versions listed in Autodesk Security Advisory ADSK-SA-2024-0009

Check Version:

In AutoCAD: Help > About, or check Windows Programs and Features for version information

Verify Fix Applied:

Verify AutoCAD version is updated to patched version specified in the security advisory

📡 Detection & Monitoring

Log Indicators:

AutoCAD crash logs with pskernel.DLL errors
Unexpected file parsing errors in application logs

Network Indicators:

Downloads of X_B or X_T files from untrusted sources

SIEM Query:

source="autocad.log" AND (error OR crash) AND pskernel.DLL

📊 Metadata

CVE ID: CVE-2024-23146

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: June 25, 2024

Last Updated: November 13, 2025

🔗 References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Advance Steel by Autodesk

Advance Steel by Autodesk

Advance Steel by Autodesk

Advance Steel by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict file types

Run with reduced privileges

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities