Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for keyshot_network_rendering by luxion

    CVE-2024-5509 (GCVE-0-2024-5509)

    Vulnerability from nvd – Published: 2024-06-06 17:51 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Affected: 2023.3.12.2.2.4
    Create a notification for this product.
    luxion keyshot Affected: 2023.3.12.2.2.4
        cpe:2.3:a:luxion:keyshot:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot",
                "vendor": "luxion",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2023.3.12.2.2.4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T10:05:16.496885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T10:05:29.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:05.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-540",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-540/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3.12.2.2.4"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:49:37.835Z",
          "datePublic": "2024-05-31T16:34:51.821Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:51:50.168Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-540",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-540/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sean de Regge"
          },
          "title": "Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5509",
        "datePublished": "2024-06-06T17:51:50.168Z",
        "dateReserved": "2024-05-29T21:49:37.803Z",
        "dateUpdated": "2024-08-01T21:18:05.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5508 (GCVE-0-2024-5508)

    Vulnerability from nvd – Published: 2024-06-06 17:51 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22267.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Viewer Affected: 2023.3_12.2.1.2
    Create a notification for this product.
    luxion keyshot_viewer Affected: 0 , < 2024.1 (custom)
        cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot_viewer",
                "vendor": "luxion",
                "versions": [
                  {
                    "lessThan": "2024.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T20:13:55.588638Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T16:21:42.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:05.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-539",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-539/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot Viewer",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3_12.2.1.2"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:49:10.290Z",
          "datePublic": "2024-05-31T16:34:35.695Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22267."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:51:55.627Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-539",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-539/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Simon Janz (@esj4y)"
          },
          "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5508",
        "datePublished": "2024-06-06T17:51:55.627Z",
        "dateReserved": "2024-05-29T21:49:10.259Z",
        "dateUpdated": "2024-08-01T21:18:05.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5507 (GCVE-0-2024-5507)

    Vulnerability from nvd – Published: 2024-06-06 17:51 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Viewer Affected: 2023.3_12.2.1.2
    Create a notification for this product.
    luxion keyshot_viewer Affected: 0 , < 2024.1 (custom)
        cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot_viewer",
                "vendor": "luxion",
                "versions": [
                  {
                    "lessThan": "2024.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T20:14:01.093561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T20:16:52.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:05.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-541",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-541/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot Viewer",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3_12.2.1.2"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:48:44.884Z",
          "datePublic": "2024-05-31T16:35:07.555Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:51:43.852Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-541",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-541/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Simon Janz (@esj4y)"
          },
          "title": "Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5507",
        "datePublished": "2024-06-06T17:51:43.852Z",
        "dateReserved": "2024-05-29T21:48:44.855Z",
        "dateUpdated": "2024-08-01T21:18:05.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5506 (GCVE-0-2024-5506)

    Vulnerability from nvd – Published: 2024-06-06 17:52 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22514.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Viewer Affected: 2023.3_12.2.1.2
    Create a notification for this product.
    luxion keyshot_viewer Affected: 2023.3_12.2.1.2
        cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot_viewer",
                "vendor": "luxion",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2023.3_12.2.1.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5506",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T18:33:11.255930Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T18:37:55.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-538",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-538/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot Viewer",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3_12.2.1.2"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:48:04.013Z",
          "datePublic": "2024-05-31T16:34:19.786Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22514."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:52:00.097Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-538",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-538/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Simon Janz (@esj4y)"
          },
          "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5506",
        "datePublished": "2024-06-06T17:52:00.097Z",
        "dateReserved": "2024-05-29T21:48:03.983Z",
        "dateUpdated": "2024-08-01T21:18:06.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22651 (GCVE-0-2021-22651)

    Vulnerability from nvd – Published: 2021-02-23 17:45 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot versions Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:07.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot versions",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22651",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot versions",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22651",
        "datePublished": "2021-02-23T17:45:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:07.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22649 (GCVE-0-2021-22649)

    Vulnerability from nvd – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:05.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22649",
        "datePublished": "2021-02-23T03:02:05.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:05.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22647 (GCVE-0-2021-22647)

    Vulnerability from nvd – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "OUT-OF-BOUNDS WRITE CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS WRITE CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22647",
        "datePublished": "2021-02-23T03:13:39.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22645 (GCVE-0-2021-22645)

    Vulnerability from nvd – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
    Severity
    No CVSS data available.
    CWE
    • CWE-357 - INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:13.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-357",
                  "description": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:05.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22645",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22645",
        "datePublished": "2021-02-23T03:02:08.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:13.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22643 (GCVE-0-2021-22643)

    Vulnerability from nvd – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22643",
        "datePublished": "2021-02-23T03:13:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5506 (GCVE-0-2024-5506)

    Vulnerability from cvelistv5 – Published: 2024-06-06 17:52 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22514.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Viewer Affected: 2023.3_12.2.1.2
    Create a notification for this product.
    luxion keyshot_viewer Affected: 2023.3_12.2.1.2
        cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot_viewer",
                "vendor": "luxion",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2023.3_12.2.1.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5506",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T18:33:11.255930Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T18:37:55.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-538",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-538/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot Viewer",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3_12.2.1.2"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:48:04.013Z",
          "datePublic": "2024-05-31T16:34:19.786Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22514."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:52:00.097Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-538",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-538/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Simon Janz (@esj4y)"
          },
          "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5506",
        "datePublished": "2024-06-06T17:52:00.097Z",
        "dateReserved": "2024-05-29T21:48:03.983Z",
        "dateUpdated": "2024-08-01T21:18:06.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5508 (GCVE-0-2024-5508)

    Vulnerability from cvelistv5 – Published: 2024-06-06 17:51 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22267.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Viewer Affected: 2023.3_12.2.1.2
    Create a notification for this product.
    luxion keyshot_viewer Affected: 0 , < 2024.1 (custom)
        cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot_viewer",
                "vendor": "luxion",
                "versions": [
                  {
                    "lessThan": "2024.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T20:13:55.588638Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T16:21:42.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:05.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-539",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-539/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot Viewer",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3_12.2.1.2"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:49:10.290Z",
          "datePublic": "2024-05-31T16:34:35.695Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22267."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:51:55.627Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-539",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-539/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Simon Janz (@esj4y)"
          },
          "title": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5508",
        "datePublished": "2024-06-06T17:51:55.627Z",
        "dateReserved": "2024-05-29T21:49:10.259Z",
        "dateUpdated": "2024-08-01T21:18:05.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5509 (GCVE-0-2024-5509)

    Vulnerability from cvelistv5 – Published: 2024-06-06 17:51 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Affected: 2023.3.12.2.2.4
    Create a notification for this product.
    luxion keyshot Affected: 2023.3.12.2.2.4
        cpe:2.3:a:luxion:keyshot:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot",
                "vendor": "luxion",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2023.3.12.2.2.4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T10:05:16.496885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T10:05:29.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:05.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-540",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-540/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3.12.2.2.4"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:49:37.835Z",
          "datePublic": "2024-05-31T16:34:51.821Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:51:50.168Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-540",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-540/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sean de Regge"
          },
          "title": "Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5509",
        "datePublished": "2024-06-06T17:51:50.168Z",
        "dateReserved": "2024-05-29T21:49:37.803Z",
        "dateUpdated": "2024-08-01T21:18:05.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5507 (GCVE-0-2024-5507)

    Vulnerability from cvelistv5 – Published: 2024-06-06 17:51 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Luxion KeyShot Viewer Affected: 2023.3_12.2.1.2
    Create a notification for this product.
    luxion keyshot_viewer Affected: 0 , < 2024.1 (custom)
        cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-31 16:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyshot_viewer",
                "vendor": "luxion",
                "versions": [
                  {
                    "lessThan": "2024.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T20:14:01.093561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T20:16:52.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:05.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-541",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-541/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.keyshot.com/csirt/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "KeyShot Viewer",
              "vendor": "Luxion",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023.3_12.2.1.2"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-29T21:48:44.884Z",
          "datePublic": "2024-05-31T16:35:07.555Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T17:51:43.852Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-541",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-541/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.keyshot.com/csirt/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Simon Janz (@esj4y)"
          },
          "title": "Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5507",
        "datePublished": "2024-06-06T17:51:43.852Z",
        "dateReserved": "2024-05-29T21:48:44.855Z",
        "dateUpdated": "2024-08-01T21:18:05.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22651 (GCVE-0-2021-22651)

    Vulnerability from cvelistv5 – Published: 2021-02-23 17:45 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot versions Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:07.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot versions",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22651",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot versions",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22651",
        "datePublished": "2021-02-23T17:45:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:07.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22647 (GCVE-0-2021-22647)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "OUT-OF-BOUNDS WRITE CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS WRITE CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22647",
        "datePublished": "2021-02-23T03:13:39.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22643 (GCVE-0-2021-22643)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22643",
        "datePublished": "2021-02-23T03:13:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22645 (GCVE-0-2021-22645)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
    Severity
    No CVSS data available.
    CWE
    • CWE-357 - INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:13.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-357",
                  "description": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:05.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22645",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22645",
        "datePublished": "2021-02-23T03:02:08.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:13.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22649 (GCVE-0-2021-22649)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:05.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22649",
        "datePublished": "2021-02-23T03:02:05.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:05.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }