Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22649

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.

Published

2021-02-23T04:15:14.350

Last Modified

2024-11-21T05:50:23.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-822
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application luxion keyshot < 10.1 Yes
Application luxion keyshot_network_rendering < 10.1 Yes
Application luxion keyshot_viewer < 10.1 Yes
Application luxion keyvr < 10.1 Yes
Operating System siemens solid_edge_se2020_firmware * Yes
Hardware siemens solid_edge_se2020 - No
Operating System siemens solid_edge_se2021_firmware * Yes
Hardware siemens solid_edge_se2021 - No
References