Directory Traversal Vulnerability in Luxion KeyShot and KeyVR Products
CVE-2021-22651

7.8HIGH

Key Information:

Vendor

Luxion

Status
Luxion Keyshot Versions
Luxion Keyshot Viewer
Luxion Keyshot Network Rendering
Luxion Keyvr
Vendor
CVE Published:
23 February 2021

What is CVE-2021-22651?

Luxion KeyShot and KeyVR products have a directory traversal vulnerability that can be exploited when processing specially crafted files. This flaw permits attackers to store arbitrary scripts in automatic startup folders, allowing unauthorized execution of code. Users are advised to update to version 10.1 or later to mitigate this risk.

Affected Version(s)

Luxion KeyShot versions prior to 10.1

Luxion KeyShot Network Rendering versions prior to 10.1

Luxion KeyShot Viewer versions prior to 10.1

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-23121...
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-324/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.