Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22643

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.

Published

2021-02-23T04:15:14.100

Last Modified

2024-11-21T05:50:22.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-125
  • Type: Secondary
    CWE-125
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application luxion keyshot < 10.1 Yes
Application luxion keyshot_network_rendering < 10.1 Yes
Application luxion keyshot_viewer < 10.1 Yes
Application luxion keyvr < 10.1 Yes
Operating System siemens solid_edge_se2020_firmware * Yes
Hardware siemens solid_edge_se2020 - No
Operating System siemens solid_edge_se2021_firmware * Yes
Hardware siemens solid_edge_se2021 - No
References