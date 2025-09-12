DELMIA Apriso is modern manufacturing operations management (MOM) and manufacturing execution system (MES) software used on shop floors that delivers real-time visibility and control over global production and warehouse operations.

Jason Soroko, senior fellow at Sectigo, said because the software is heavily used in manufacturing and industrial environments, a compromise could give attackers a foothold inside critical operations networks, with potential for disruption, data theft, or lateral movement.

“Security teams must apply Dassault’s patch without delay on all affected versions from Release 2020 through Release 2025,” said Soroko. “Where patching cannot happen immediately, mitigations should include isolating the Apriso application from untrusted networks, adding strict firewall and WAF rules to block suspicious requests to the vulnerable endpoint, and monitoring for indicators of compromise such as connections from the reported IP ranges and DLL payload artifacts.”

John Carberry, solution sleuth at Xcape Inc., agreed that IT/OT teams need to patch DELMIA Apriso right away, particularly because exploitation has already been discovered and listed on CISA's KEV catalog.

Carberry added that in addition to implementing the remedy, teams should keep an eye out for the execution of unexpected DLLs, examine logs for unusual requests to the FlexNetOperationsService.svc endpoint, and inspect endpoints for indications of the Zapchast trojan.

“To prevent possible lateral movement, defenders should additionally confirm network segmentation and provide EDR coverage on systems connected to Apriso servers, as Apriso is frequently used in manufacturing and supply chain environments,” said Carberry.