Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for keyvr by luxion

    CVE-2021-22651 (GCVE-0-2021-22651)

    Vulnerability from nvd – Published: 2021-02-23 17:45 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot versions Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:07.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot versions",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22651",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot versions",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22651",
        "datePublished": "2021-02-23T17:45:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:07.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22649 (GCVE-0-2021-22649)

    Vulnerability from nvd – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:05.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22649",
        "datePublished": "2021-02-23T03:02:05.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:05.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22647 (GCVE-0-2021-22647)

    Vulnerability from nvd – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "OUT-OF-BOUNDS WRITE CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS WRITE CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22647",
        "datePublished": "2021-02-23T03:13:39.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22645 (GCVE-0-2021-22645)

    Vulnerability from nvd – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
    Severity
    No CVSS data available.
    CWE
    • CWE-357 - INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:13.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-357",
                  "description": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:05.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22645",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22645",
        "datePublished": "2021-02-23T03:02:08.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:13.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22643 (GCVE-0-2021-22643)

    Vulnerability from nvd – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22643",
        "datePublished": "2021-02-23T03:13:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22651 (GCVE-0-2021-22651)

    Vulnerability from cvelistv5 – Published: 2021-02-23 17:45 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot versions Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:07.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot versions",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22651",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot versions",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22651",
        "datePublished": "2021-02-23T17:45:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:07.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22647 (GCVE-0-2021-22647)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "OUT-OF-BOUNDS WRITE CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS WRITE CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22647",
        "datePublished": "2021-02-23T03:13:39.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22643 (GCVE-0-2021-22643)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:14.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22643",
        "datePublished": "2021-02-23T03:13:36.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:14.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22645 (GCVE-0-2021-22645)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:44
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
    Severity
    No CVSS data available.
    CWE
    • CWE-357 - INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:13.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-357",
                  "description": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:05.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22645",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22645",
        "datePublished": "2021-02-23T03:02:08.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:44:13.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22649 (GCVE-0-2021-22649)

    Vulnerability from cvelistv5 – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:51
    VLAI
    Summary
    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
    Assigner
    Impacted products
    Vendor Product Version
    n/a Luxion KeyShot Affected: versions prior to 10.1
    n/a Luxion KeyShot Viewer Affected: versions prior to 10.1
    n/a Luxion KeyShot Network Rendering Affected: versions prior to 10.1
    n/a Luxion KeyVR Affected: versions prior to 10.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:51:05.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Luxion KeyShot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Viewer",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyShot Network Rendering",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            },
            {
              "product": "Luxion KeyVR",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-16T23:07:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-22649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Luxion KeyShot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyShot Network Rendering",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Luxion KeyVR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-22649",
        "datePublished": "2021-02-23T03:02:05.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:51:05.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }