Major Vulnerability Found in Cityworks Software — What Businesses Need to Know

If your business uses Cityworks, a popular asset and work management platform used by public utilities and municipal governments, you’ll want to pay attention to this one.

Cisco’s Talos Intelligence team recently disclosed a critical security vulnerability (CVE-2024-23897, also referenced as UAT-6382) that could allow remote attackers to execute unauthorized code on servers running Cityworks software.

What’s the Risk?

The vulnerability affects the Cityworks Server product and stems from an issue in how it processes project files. An attacker could exploit this by uploading a specially crafted .CWP file, which then executes malicious code when parsed by the system.

This is classified as a remote code execution (RCE) vulnerability—which means a bad actor could potentially take control of your system without needing to log in.

Who’s Affected?

Organizations that host their own Cityworks Server (on-premises or private cloud) are most at risk. If your IT team manages this software internally, it’s crucial to check whether your system is running a vulnerable version.

If you’re a municipal contractor, civil engineer, or utility company that partners with clients who use Cityworks, this is worth bringing to their attention too.

What Should You Do?

  • Update Cityworks immediately — The vendor has released a patch. Apply it without delay.
  • 🔍 Audit your server environment — If you’ve imported external .CWP files recently, check for anomalies.
  • 🔒 Lock down upload permissions — Don’t allow unverified users to upload or import projects.
  • 📬 Coordinate with your IT team or MSP — If you’re unsure whether your system is at risk, contact your provider right away.
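
For the audit step, a starting point is an inventory of recently modified .CWP files with their hashes, so each one can be matched to an import you expected. This is an added example, not code from the vendor or from this post; the directory to scan and the 30-day window are assumptions, since the post does not say where the server stores imported files.

```python
import hashlib
import os
import time
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large project files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def recent_cwp_files(root, days=30, now=None):
    """Return .CWP files under root modified in the last `days` days, newest first.

    Each entry holds path, size, modification time and SHA-256, or an
    'error' field when the file could not be read.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".cwp"):  # match .cwp and .CWP
                continue
            path = Path(dirpath) / name
            try:
                info = path.stat()
                if info.st_mtime < cutoff:
                    continue
                entry = {"path": str(path), "size": info.st_size,
                         "mtime": info.st_mtime, "sha256": sha256_of(path)}
            except OSError as exc:
                # Unreadable files are reported, not skipped, and sort first.
                entry = {"path": str(path), "mtime": now, "error": str(exc)}
            found.append(entry)
    return sorted(found, key=lambda e: e["mtime"], reverse=True)


if __name__ == "__main__":
    import sys
    # Assumption: pass the real import/upload directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for e in recent_cwp_files(root):
        stamp = time.strftime("%Y-%m-%d %H:%M:%SZ", time.gmtime(e["mtime"]))
        print(stamp, e.get("sha256", "UNREADABLE: " + e.get("error", "")), e["path"])
```

Any file in the output that nobody on your team can account for is the anomaly to escalate to your IT team or MSP.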

Security issues like this one are a reminder that even trusted platforms can have serious flaws. Keeping your systems patched and monitored is essential—and that’s where we can help.

Lyme PC Repair offers proactive security monitoring, patch management, and threat protection as part of our business support packages. If you’re not sure your systems are secure, reach out for a no-pressure consultation.