CVE-2021-22645


Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.


Published

2021-02-23T04:15:14.210

Last Modified

2024-11-21T05:50:22.727

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-357
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | luxion | keyshot | < 10.1 | Yes |
| Application | luxion | keyshot_network_rendering | < 10.1 | Yes |
| Application | luxion | keyshot_viewer | < 10.1 | Yes |
| Application | luxion | keyvr | < 10.1 | Yes |
| Operating System | siemens | solid_edge_se2020_firmware | * | Yes |
| Hardware | siemens | solid_edge_se2020 | - | No |
| Operating System | siemens | solid_edge_se2021_firmware | * | Yes |
| Hardware | siemens | solid_edge_se2021 | - | No |
