What is CVE-2021-22649?

CVE-2021-22649 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.

How can this vulnerability be exploited?

To exploit this vulnerability, user interaction is required, such as visiting a malicious page or opening a malicious file.

What is the severity of CVE-2021-22649?

The severity of CVE-2021-22649 is high, with a CVSS score of 7.8.

Which software is affected by CVE-2021-22649?

Siemens Solid Edge Viewer versions up to and including 10.1 are affected by this vulnerability.

How can I fix CVE-2021-22649?

Update Siemens Solid Edge Viewer to version 10.1 or higher to mitigate this vulnerability.

Vulnerability/
CVE-2021-22649

high

7.8

CWE

119 822 476

23/2/2021

3/8/2024

CVE-2021-22649: Siemens Solid Edge Viewer 3DS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability

First published: Tue Feb 23 2021(Updated: )

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Luxion KeyShot	<10.1
Luxion KeyShot Network Rendering	<10.1
Luxion KeyShot Viewer	<10.1
Luxion KeyVR	<10.1
Siemens Solid Edge Se2020 Firmware
Siemens Solid Edge Viewer
Siemens Solid Edge Se2021 Firmware
Siemens Solid Edge Se2021

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-035-01

Frequently Asked Questions

What is CVE-2021-22649?
CVE-2021-22649 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.
How can this vulnerability be exploited?
To exploit this vulnerability, user interaction is required, such as visiting a malicious page or opening a malicious file.
What is the severity of CVE-2021-22649?
The severity of CVE-2021-22649 is high, with a CVSS score of 7.8.
Which software is affected by CVE-2021-22649?
Siemens Solid Edge Viewer versions up to and including 10.1 are affected by this vulnerability.
How can I fix CVE-2021-22649?
Update Siemens Solid Edge Viewer to version 10.1 or higher to mitigate this vulnerability.

collector/nvd-index
agent/type
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/author
agent/references
agent/title
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-21-317
alias/ZDI-CAN-11942
alias/CVE-2021-22649
alias/ZDI-21-325
alias/ZDI-CAN-12064
vendor/luxion
canonical/luxion keyshot
canonical/luxion keyshot network rendering
canonical/luxion keyshot viewer
canonical/luxion keyvr
vendor/siemens
canonical/siemens solid edge se2020 firmware
canonical/siemens solid edge viewer
canonical/siemens solid edge se2021 firmware
canonical/siemens solid edge se2021

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.