CVE-2021-22647: Siemens Solid Edge Viewer FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Reference Links

• https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf
• https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
• https://www.zerodayinitiative.com/advisories/ZDI-21-318/
• https://www.zerodayinitiative.com/advisories/ZDI-21-320/
• https://www.zerodayinitiative.com/advisories/ZDI-21-321/
• https://www.zerodayinitiative.com/advisories/ZDI-21-322/
• https://www.zerodayinitiative.com/advisories/ZDI-21-326/
• https://www.cisa.gov/news-events/ics-advisories/icsa-21-035-01 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-21-035-01

Frequently Asked Questions

• What is the vulnerability ID?

  The vulnerability ID is CVE-2021-22647.

• What is the severity of CVE-2021-22647?

  The severity of CVE-2021-22647 is high, with a score of 7.8.

• Which software is affected by CVE-2021-22647?

  The Siemens Solid Edge Viewer, Luxion KeyShot, Luxion KeyShot Network Rendering, Luxion KeyShot Viewer, Luxion KeyVR, Siemens Solid Edge Se2020 Firmware, and Siemens Solid Edge Se2021 Firmware are affected by CVE-2021-22647.

• How can the vulnerability CVE-2021-22647 be exploited?

  The vulnerability CVE-2021-22647 can be exploited by remote attackers who can execute arbitrary code by tricking the target into visiting a malicious page or opening a malicious file.

• Are there any references for CVE-2021-22647?

  Yes, you can find references for CVE-2021-22647 at the following links: [Link 1](https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf), [Link 2](https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01), [Link 3](https://www.zerodayinitiative.com/advisories/ZDI-21-318/).