When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf | Third Party Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 | Patch Third Party Advisory US Government Resource |
https://www.zerodayinitiative.com/advisories/ZDI-21-324/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
23 Mar 2021, 18:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-324/ - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf - Third Party Advisory |
17 Mar 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Mar 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Feb 2021, 04:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:luxion:keyvr:*:*:*:*:*:*:*:* cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:* cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:* cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:* |
|
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 - Patch, Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
CWE | CWE-22 |
23 Feb 2021, 18:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-23 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-22651
Mitre link : CVE-2021-22651
CVE.ORG link : CVE-2021-22651
JSON object : View
Products Affected
luxion
- keyshot
- keyvr
- keyshot_network_rendering
- keyshot_viewer
siemens
- solid_edge_se2021
- solid_edge_se2021_firmware
- solid_edge_se2020_firmware
- solid_edge_se2020
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')