Dfmpro For Catia
Monthly
Insecure file permissions on the HCL DFMPro (for CATIA), DFXAnalytics, and DFXServer installer executables allow any locally authenticated non-administrative user to overwrite or replace those binaries with malicious code. When a privileged user subsequently runs the tampered installer - during installation, upgrade, or reinstallation - the attacker's binary executes in the elevated context, completing a local privilege escalation. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor-reported CVSS 3.3 score materially understates the potential impact of a successful exploitation scenario.
Insecure file permissions on the HCL DFMPro (for CATIA), DFXAnalytics, and DFXServer installer executables allow any locally authenticated non-administrative user to overwrite or replace those binaries with malicious code. When a privileged user subsequently runs the tampered installer - during installation, upgrade, or reinstallation - the attacker's binary executes in the elevated context, completing a local privilege escalation. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor-reported CVSS 3.3 score materially understates the potential impact of a successful exploitation scenario.