Patch status unclear: Attacks on DELMIA Apriso production management software

A security researcher and a US authority warn of attacks on DELMIA Apriso. It is not yet clear whether there will be a security update.


A "critical" security vulnerability in DELMIA Apriso allows malicious code to slip through and damage computers.

DELMIA Apriso is Manufacturing Operations Management (MOM) software and a Manufacturing Execution System (MES) that is also used in Germany, in the automotive sector among others. It is used, for example, to control global production processes. It can be assumed that a successful attack could have far-reaching consequences for companies.

The provider of the software, Dassault Systèmes, mentioned the vulnerability (CVE-2025-5086, rated "critical") back in June of this year in a very briefly worded warning message. According to that message, remote attackers can execute malicious code in various releases from 2020 up to and including 2025. Due to the critical classification, it can be assumed that attackers do not need to be authenticated to initiate attacks.

At the beginning of September, a security researcher from the SANS Institute Internet Storm Center warned of exploit attempts in an article. According to him, attackers are sending SOAP requests with malicious code to vulnerable instances. What attackers actually do after successful attacks is currently unclear.

The US security authority CISA has now also issued a warning about attacks. The extent of the attacks is currently unknown. It also remains unclear whether there is a security patch. This is clear neither from the official warning nor from the warnings of the security researcher and CISA. heise security is in contact with the software provider and is currently waiting for feedback on the security patch. We will update this report as soon as we have concrete information.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.