Skip to main content

DELMIA Apriso CVE-2026-9695

| EUVDEUVD-2026-42177 CRITICAL
Improper Authentication (CWE-287)
2026-07-08 3DS GHSA-hx4w-2f46-xmmc
9.8
CVSS 3.1 · Vendor: 3DS
Share

Severity by source

Vendor (3DS) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Improper authentication grants unauthenticated network access to a privileged server session with no user interaction and full C/I/A impact, so AV:N/AC:L/PR:N/UI:N and C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (3DS).

CVSS VectorVendor: 3DS

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 07:21 vuln.today

DescriptionCVE.org

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server.

AnalysisAI

Authentication bypass in Dassault Systèmes DELMIA Apriso (Release 2020 through Release 2026) lets remote unauthenticated attackers obtain privileged access to the manufacturing operations server, consistent with the CVSS PR:N/UI:N metrics. Rated CVSS 9.8 (C:H/I:H/A:H), it exposes shop-floor and production-control functions to full compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Apriso server over network
Delivery
Send crafted authentication-bypass request
Exploit
Obtain privileged session
Execution
Access manufacturing data and controls
Impact
Alter production or disrupt operations

Vulnerability AssessmentAI

Exploitation The attacker needs network reachability to the DELMIA Apriso application/authentication endpoint; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) exploitation is remote, unauthenticated, low-complexity, and requires no user interaction against affected deployments running any Release from 2020 through 2026. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are largely consistent and point to genuine high priority: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H = 9.8) describes network-reachable, low-complexity, unauthenticated exploitation yielding full confidentiality, integrity, and availability loss, and 'privileged access to the server' aligns with that impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the DELMIA Apriso server over the network sends crafted requests to the authentication interface that the application incorrectly accepts as valid, obtaining a privileged session without credentials. From there they read and alter manufacturing execution data, production orders, and configuration, or disrupt operations. …
Remediation Apply the fixed release identified in the Dassault Systèmes 3DS security advisory (https://www.3ds.com/trust-center/security/security-advisories/cve-2026-9695); no exact fixed version is stated in the available data, so treat patch status as 'Patch available per vendor advisory' and confirm the precise build with 3DS support before scheduling maintenance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Implement network segmentation restricting Dassault Systèmes DELMIA Apriso administrative access to trusted internal networks only; enable multi-factor authentication for all administrative accounts; activate comprehensive audit logging on all DELMIA Apriso systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9695 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy