What is CVE-2021-22645?

CVE-2021-22645 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.

How severe is CVE-2021-22645?

CVE-2021-22645 has a severity score of 7.8, which is considered high.

What software is affected by CVE-2021-22645?

Siemens Solid Edge Viewer, Luxion KeyShot, Luxion KeyShot Network Rendering, Luxion KeyShot Viewer, Luxion KeyVR, Siemens Solid Edge Se2020 Firmware, and Siemens Solid Edge Se2021 Firmware are all affected by CVE-2021-22645.

How can CVE-2021-22645 be exploited?

To exploit CVE-2021-22645, user interaction is required, such as visiting a malicious page or opening a malicious file.

Where can I find more information about CVE-2021-22645?

You can find more information about CVE-2021-22645 in the references provided: https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf, https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01, https://www.zerodayinitiative.com/advisories/ZDI-21-323/

Vulnerability/
CVE-2021-22645

high

7.8

CWE

357

23/2/2021

3/8/2024

CVE-2021-22645: Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability

First published: Tue Feb 23 2021(Updated: )

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Luxion KeyShot	<10.1
Luxion KeyShot Network Rendering	<10.1
Luxion KeyShot Viewer	<10.1
Luxion KeyVR	<10.1
Siemens Solid Edge Se2020 Firmware
Siemens Solid Edge Viewer
Siemens Solid Edge Se2021 Firmware
Siemens Solid Edge Se2021




Siemens Solid Edge Viewer

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-035-01

Frequently Asked Questions

What is CVE-2021-22645?
CVE-2021-22645 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.
How severe is CVE-2021-22645?
CVE-2021-22645 has a severity score of 7.8, which is considered high.
What software is affected by CVE-2021-22645?
Siemens Solid Edge Viewer, Luxion KeyShot, Luxion KeyShot Network Rendering, Luxion KeyShot Viewer, Luxion KeyVR, Siemens Solid Edge Se2020 Firmware, and Siemens Solid Edge Se2021 Firmware are all affected by CVE-2021-22645.
How can CVE-2021-22645 be exploited?
To exploit CVE-2021-22645, user interaction is required, such as visiting a malicious page or opening a malicious file.
Where can I find more information about CVE-2021-22645?
You can find more information about CVE-2021-22645 in the references provided: https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf, https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01, https://www.zerodayinitiative.com/advisories/ZDI-21-323/

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/title
agent/last-modified-date
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/references
agent/softwarecombine
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-21-323
alias/ZDI-CAN-11940
alias/CVE-2021-22645
vendor/luxion
canonical/luxion keyshot
canonical/luxion keyshot network rendering
canonical/luxion keyshot viewer
canonical/luxion keyvr
vendor/siemens
canonical/siemens solid edge se2020 firmware
canonical/siemens solid edge viewer
canonical/siemens solid edge se2021 firmware
canonical/siemens solid edge se2021