CVE-2023-6078 HIGH

CVE-2023-6078: OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023

Vendor Dassault Systèmes

Product BIOVIA Materials Studio products

Weakness CWE-78

Published February 1, 2024

Last update June 9, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.

Key dates

02Disclosure timeline

February 1, 2024 CVE published

June 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6078 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2023-6078

CWE CWE-78

CVSS 8.8 / HIGH

Affected versions

Vendor Dassault Systèmes

Product BIOVIA Materials Studio products

Affected BIOVIA 2021 Golden

Vendor Dassault Systèmes

Product BIOVIA Materials Studio products

Affected BIOVIA 2022 Golden

Vendor Dassault Systèmes

Product BIOVIA Materials Studio products

Affected BIOVIA 2023 Golden

CVE-2023-6078: OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023

01Description

02Disclosure timeline

03References

04Related CVE