CVE-2021-22651


When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are affected by a directory traversal vulnerability in the extraction of temporary files, which allows an attacker to store arbitrary scripts in automatic startup folders.


Published

2021-02-23T18:15:13.553

Last Modified

2024-11-21T05:50:23.497

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-22
  • Type: Secondary
    CWE-22

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | luxion | keyshot | < 10.1 | Yes |
| Application | luxion | keyshot_network_rendering | < 10.1 | Yes |
| Application | luxion | keyshot_viewer | < 10.1 | Yes |
| Application | luxion | keyvr | < 10.1 | Yes |
| Operating System | siemens | solid_edge_se2020_firmware | * | Yes |
| Hardware | siemens | solid_edge_se2020 | - | No |
| Operating System | siemens | solid_edge_se2021_firmware | * | Yes |
| Hardware | siemens | solid_edge_se2021 | - | No |
