OpenCVE

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Luxion	Keyshot Keyshot Network Rendering Keyshot Viewer Keyvr
Siemens	Solid Edge Se2020 Solid Edge Se2020 Firmware Solid Edge Se2021 Solid Edge Se2021 Firmware

Configuration 1 [-]

OR	cpe:2.3:a:luxion:keyshot::::::::
	cpe:2.3:a:luxion:keyshot_network_rendering::::::::
	cpe:2.3:a:luxion:keyshot_viewer::::::::
	cpe:2.3:a:luxion:keyvr::::::::

Configuration 2 [-]

AND

cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
https://www.zerodayinitiative.com/advisories/ZDI-21-317/
https://www.zerodayinitiative.com/advisories/ZDI-21-325/

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2021-02-23T03:02:05

Updated: 2024-08-03T18:51:05.823Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22649

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-23T04:15:14.350

Modified: 2024-11-21T05:50:23.230

Link: CVE-2021-22649

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Luxion KeyShot", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}, {"product": "Luxion KeyShot Viewer", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}, {"product": "Luxion KeyShot Network Rendering", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}, {"product": "Luxion KeyVR", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions prior to 10.1"}]}], "descriptions": [{"lang": "en", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-822", "description": "UNTRUSTED POINTER DEREFERENCE CWE-822", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-16T23:07:09", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22649", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Luxion KeyShot", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}, {"product_name": "Luxion KeyShot Viewer", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}, {"product_name": "Luxion KeyShot Network Rendering", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}, {"product_name": "Luxion KeyVR", "version": {"version_data": [{"version_value": "versions prior to 10.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:05.823Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-22649", "datePublished": "2021-02-23T03:02:05", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:51:05.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*", "matchCriteriaId": "92EA043D-B0BD-4C61-B6C6-709C001F0363", "versionEndExcluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:*", "matchCriteriaId": "99429D18-218B-4B84-B1E7-7E4B54B6CDD3", "versionEndExcluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "50848054-203F-4C61-8A26-154083FC0C15", "versionEndExcluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luxion:keyvr:*:*:*:*:*:*:*:*", "matchCriteriaId": "80310813-CE50-4876-85FF-18760DD5F502", "versionEndExcluding": "10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B8F6B67-0A8A-42E5-B9BD-3539475D7C92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2BB7C3E-32DA-477C-8C11-E35546BC5D61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E83F677E-3133-407D-8089-E2682DBFDA1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B9B3882-6975-42EA-A056-B6EC83E51E78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."}, {"lang": "es", "value": "Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, presentan m\u00faltiples problemas de desreferencia de puntero NULL mientras se procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2021-22649", "lastModified": "2024-11-21T05:50:23.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-23T04:15:14.350", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-822"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}