
CISA Warns of Actively Exploited RCE Vulnerability in Dassault DELMIA Apriso
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a critical remote code execution (RCE) vulnerability in DELMIA Apriso, a manufacturing operations management (MOM) and manufacturing execution system (MES) solution developed by Dassault Systèmes. This vulnerability, tracked as CVE-2023-27350, has a CVSS score of 9.8, indicating its high severity. The flaw allows attackers to execute arbitrary code on affected systems, potentially leading to severe compromises. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to apply mitigations immediately.

DELMIA Apriso is widely used in manufacturing and other industries, making this vulnerability a significant risk for supply chain attacks and industrial espionage. The active exploitation of this flaw underscores the critical need for timely patching and robust vulnerability management in industrial environments. Organizations should prioritize patching this vulnerability and consider additional measures such as network segmentation and continuous monitoring to detect and prevent potential exploits.

This incident highlights the growing threat to industrial control systems (ICS) and operational technology (OT) environments, which are increasingly targeted by cybercriminals and nation-state actors. Regular vulnerability assessments and penetration testing are essential to identify and mitigate such risks before they are exploited.