NULL Pointer Dereference Vulnerabilities in Luxion KeyShot and Related Products
CVE-2021-22649

7.8HIGH

Key Information:

Vendor

Luxion

Status
Luxion Keyshot
Luxion Keyshot Viewer
Luxion Keyshot Network Rendering
Luxion Keyvr
Vendor
CVE Published:
23 February 2021

What is CVE-2021-22649?

Multiple NULL pointer dereference vulnerabilities exist in various versions of Luxion KeyShot, KeyShot Viewer, KeyShot Network Rendering, and KeyVR. When processing specific project files, these vulnerabilities may be exploited by an attacker to execute arbitrary code on the affected system, posing significant security risks to users.

Affected Version(s)

Luxion KeyShot versions prior to 10.1

Luxion KeyShot Network Rendering versions prior to 10.1

Luxion KeyShot Viewer versions prior to 10.1

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-23121...
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-317/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.