CVE-2024-6380
📋 TL;DR
A reflected Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into web pages. When users click specially crafted links, these scripts execute in their browser sessions, potentially stealing credentials or performing unauthorized actions. This affects all ENOVIA deployments running 3DEXPERIENCE releases from R2022x through R2024x.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover, data theft, session hijacking, and lateral movement within the ENOVIA environment leading to intellectual property theft or system compromise.
Likely Case
Session hijacking leading to unauthorized access to sensitive engineering data, manipulation of product designs, or privilege escalation within the ENOVIA platform.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting individual user sessions without system-wide compromise.
🎯 Exploit Status
Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit once the vulnerable endpoint is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Dassault Systèmes advisory for specific fixed versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Review the Dassault Systèmes security advisory.
2. Apply the latest security patch for your 3DEXPERIENCE release.
3. Restart ENOVIA services.
4. Verify the fix by testing previously vulnerable endpoints.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Implement WAF rules to block XSS payloads in URL parameters and form inputs
Input Validation Filter
Deploy custom input validation to sanitize user-supplied data before processing
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict script execution
- Deploy network segmentation to isolate ENOVIA systems from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Test URL parameters and form inputs with XSS payloads like <script>alert('XSS')</script> and observe if scripts execute
Check Version:
Check 3DEXPERIENCE release version through ENOVIA administration console or system properties
Verify Fix Applied:
Retest previously vulnerable endpoints with XSS payloads and confirm scripts no longer execute
📡 Detection & Monitoring
Log Indicators:
- Unusually long URL parameters containing script tags
- Multiple failed login attempts from the same session
- Unexpected redirects in web server logs
Network Indicators:
- HTTP requests with script tags in query parameters
- Unusual outbound connections from ENOVIA servers
SIEM Query:
web.url:*script* AND (dst_ip:ENOVIA_SERVER_IP)
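The SIEM query above only matches the literal string "script"; a reflected-XSS probe in a URL parameter is usually URL-encoded, sometimes twice. The following is an added example (not part of this advisory or of any Dassault Systèmes tooling) that scans web server access-log lines, decodes query parameters through multiple encoding layers, and flags the indicators listed above. The log lines, paths and parameter names are constructed samples, not ENOVIA's real endpoints.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (Apache combined format). The paths
# and parameter names are assumptions, not ENOVIA's real endpoints.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jul/2024:10:01:02 +0000] "GET /enovia/search?query=bracket HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jul/2024:10:01:09 +0000] "GET /enovia/search?query=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jul/2024:10:01:15 +0000] "GET /enovia/view?name=%253Cimg%2520src%3Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jul/2024:10:02:00 +0000] "GET /enovia/view?name=javascript%3Aalert(1)&monitor=1 HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Markers of reflected-XSS probing, matched only after decoding. This is a
# starting point for a detection rule, not a complete signature set.
XSS_MARKERS = re.compile(
    r'<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe)\b', re.IGNORECASE
)

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so a double-encoded payload (%253C -> %3C -> <) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_log(text):
    """Return one finding per query parameter whose decoded value contains an XSS marker."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qsl removes one encoding layer; fully_decode removes any further ones.
        for name, raw in parse_qsl(urlsplit(m['target']).query, keep_blank_values=True):
            value = fully_decode(raw)
            hit = XSS_MARKERS.search(value)
            if hit:
                findings.append({'ip': m['ip'], 'ts': m['ts'], 'param': name,
                                 'marker': hit.group(0), 'value': value})
    return findings

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} param={f['param']} marker={f['marker']!r} value={f['value']!r}")
```

Feed it your real access logs and correlate the flagged source IPs with the session and login anomalies listed under Log Indicators; a hit on an endpoint that is confirmed patched is a probe, not a compromise.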