CVE-2022-40644 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.

A fix has been released for these issues. Those who have upgraded to the latest version are protected. Ansys SpaceClaim 2022 R1 was updated to fix the vulnerability described in this advisory. Users who must stay on an older version must upgrade as soon as possible. End users who are concerned about the upgrade process or who want to evaluate the risk of staying on an older version should consider consulting a technical specialist.

What is the vulnerability?

How to find the version you are running

Ansys SpaceClaim 2022 R1 was updated to fix the vulnerability described in this advisory. Users who must stay on an older version must upgrade as soon as possible. End users who are concerned about the upgrade process or who want to evaluate the risk of staying on an older version should consider consulting a technical specialist.
To check whether you are running the latest release, use the following command:
>>%ProgramFiles%\ANSSYS\SpaceClaim 2022 R1\SpaceClaim Show me what I'm running
If you're not running an update, then you are running an earlier version and are vulnerable to any of these vulnerabilities. If your current version is 2020, please contact Ansys for assistance and a free upgrade.

#Description of the vulnerability

What is the Risk?

The risk for CVE-2022-40644 is that attackers can execute malicious code by downloading a malicious DLL file and launching it via the affected application.

End users of AEC software who have not yet updated to the latest software should upgrade as soon as possible. Those who must stay on an older version must upgrade as soon as possible.

What is the risk to users?

The risk to users of the vulnerable release is limited, but as a precaution all users should upgrade as soon as possible.

Timeline

Published on: 09/15/2022 16:15:00 UTC
Last modified on: 09/19/2022 18:16:00 UTC