CVE-2023-6078

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.3ds.com/vulnerability/advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:3ds:biovia_materials_studio:*:*:*:*:*:*:*:*

History

09 Feb 2024, 20:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 9.8
First Time		3ds 3ds biovia Materials Studio
CPE		cpe:2.3:a:3ds:biovia_materials_studio::::::::
References	~~() https://www.3ds.com/vulnerability/advisories -~~	() https://www.3ds.com/vulnerability/advisories - Vendor Advisory

01 Feb 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-01 14:15

Updated : 2024-02-09 20:23

NVD link : CVE-2023-6078

Mitre link : CVE-2023-6078

CVE.ORG link : CVE-2023-6078

JSON object : View

Products Affected

3ds

biovia_materials_studio

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-6078", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "3DS.Information-Security@3ds.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-01T14:15:55.810", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["Vendor Advisory"], "source": "3DS.Information-Security@3ds.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "3DS.Information-Security@3ds.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en los productos BIOVIA Materials Studio desde la versi\u00f3n BIOVIA 2021 hasta la versi\u00f3n BIOVIA 2023. La carga de un script perl especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios."}], "lastModified": "2024-02-09T20:23:01.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:3ds:biovia_materials_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE86B786-867B-46D5-9FE0-40FF6ADFE1EF", "versionEndIncluding": "2023", "versionStartIncluding": "2021"}], "operator": "OR"}]}], "sourceIdentifier": "3DS.Information-Security@3ds.com"}