OTPulse

Datakit CrossCAD-WARE

Plan Patch | 7.8 | ICS-CERT ICSA-23-103-14 | Apr 20, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Datakit CrossCAD/Ware library contains out-of-bounds read (CWE-125) and buffer overflow (CWE-787) vulnerabilities affecting all versions prior to 2023.1. An attacker can craft a malicious SLDPRT file that, when opened by a user, discloses sensitive information from memory or executes arbitrary code with user privileges. These vulnerabilities are not remotely exploitable and require user interaction.

What this means
What could happen
An attacker with local access could trigger buffer overflow or out-of-bounds read vulnerabilities by opening a malicious SLDPRT file in CrossCAD/Ware, leading to disclosure of sensitive data or arbitrary code execution on the workstation.
Who's at risk
Engineering and CAD workstations using Datakit CrossCAD/Ware library for processing SolidWorks files. Affects organizations using this tool for design review, model conversion, or CAD file import workflows in manufacturing, engineering, and infrastructure sectors.
How it could be exploited
An attacker creates a malicious SLDPRT (SolidWorks part) file and tricks a user into opening it with CrossCAD/Ware. The crafted file triggers a buffer overflow (CWE-787) or out-of-bounds read (CWE-125), allowing the attacker to read sensitive memory contents or execute code with the privileges of the user running CrossCAD/Ware.
Prerequisites
  • User interaction required: victim must open the malicious SLDPRT file
  • CrossCAD/Ware version prior to 2023.1 must be installed
  • Local access to the workstation running CrossCAD/Ware or ability to deliver the file via email or file share
  • Requires user interaction (file opening)
  • Local execution only, not remotely exploitable
  • Affects workstations, not OT devices directly
  • No active exploitation reported
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product                          Affected Versions   Fix Status
CrossCad/Ware_x64 library: All   < 2023.1            2023.1
Remediation & Mitigation
Do now
WORKAROUND: Do not open SLDPRT files from untrusted sources until patched
HARDENING: Educate users not to open unexpected file attachments or files from untrusted sources, especially SLDPRT files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CrossCAD/Ware to version 2023.1 or later