{"containers": {"cna": {"affected": [{"product": "Luxion KeyShot", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}, {"product": "Luxion KeyShot Viewer", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}, {"product": "Luxion KeyShot Network Rendering", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}, {"product": "Luxion KeyVR", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}], "descriptions": [{"lang": "en", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-357", "description": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-16T23:07:05", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22645", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Luxion KeyShot", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}, {"product_name": "Luxion KeyShot Viewer", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}, {"product_name": "Luxion KeyShot Network Rendering", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}, {"product_name": "Luxion KeyVR", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:13.754Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22645", "datePublished": "2021-02-23T03:02:08", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:44:13.754Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*", "matchCriteriaId": "92EA043D-B0BD-4C61-B6C6-709C001F0363", "versionEndExcluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:*", "matchCriteriaId": "99429D18-218B-4B84-B1E7-7E4B54B6CDD3", "versionEndExcluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "50848054-203F-4C61-8A26-154083FC0C15", "versionEndExcluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luxion:keyvr:*:*:*:*:*:*:*:*", "matchCriteriaId": "80310813-CE50-4876-85FF-18760DD5F502", "versionEndExcluding": "10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B8F6B67-0A8A-42E5-B9BD-3539475D7C92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2BB7C3E-32DA-477C-8C11-E35546BC5D61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E83F677E-3133-407D-8089-E2682DBFDA1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B9B3882-6975-42EA-A056-B6EC83E51E78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."}, {"lang": "es", "value": "Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, son vulnerables a un ataque porque los documentos .bip muestran un comando \"load\", que puede ser apuntado a una .dll desde un recurso compartido de red remoto. Como resultado, el punto de entrada .dll puede ser ejecutado sin suficiente advertencia de la Interfaz de Usuario"}], "id": "CVE-2021-22645", "lastModified": "2024-11-21T05:50:22.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-23T04:15:14.210", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-357"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}