Out-of-Bounds Write Vulnerabilities in Luxion KeyShot and Related Products
CVE-2021-22647

7.8HIGH

Key Information:

Vendor

Luxion

Status
Luxion Keyshot
Luxion Keyshot Viewer
Luxion Keyshot Network Rendering
Luxion Keyvr
Vendor
CVE Published:
23 February 2021

What is CVE-2021-22647?

Multiple out-of-bounds write issues have been identified in Luxion KeyShot and associated products that affect versions prior to 10.1. These vulnerabilities arise during the processing of project files and may allow attackers to execute arbitrary code, compromising system integrity and data security. Users are advised to update to the latest versions to mitigate potential risks.

Affected Version(s)

Luxion KeyShot versions prior to 10.1

Luxion KeyShot Network Rendering versions prior to 10.1

Luxion KeyShot Viewer versions prior to 10.1

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-23121...
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-322/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.