Out-of-Bounds Read Vulnerability in Luxion KeyShot and KeyVR Products
CVE-2021-22643

7.8HIGH

Key Information:

Vendor

Luxion

Status
Luxion Keyshot
Luxion Keyshot Viewer
Luxion Keyshot Network Rendering
Luxion Keyvr
Vendor
CVE Published:
23 February 2021

What is CVE-2021-22643?

Certain Luxion software products, including KeyShot and KeyVR, are affected by an out-of-bounds read vulnerability that occurs while processing project files. This flaw may enable a malicious actor to execute arbitrary code, potentially compromising the integrity of the system. Users of affected versions should prioritize updating to the latest release to mitigate risks associated with this vulnerability.

Affected Version(s)

Luxion KeyShot versions prior to 10.1

Luxion KeyShot Network Rendering versions prior to 10.1

Luxion KeyShot Viewer versions prior to 10.1

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-23121...
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-319/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.