CVE-2021-22649: Siemens Solid Edge Viewer 3DS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
First published: Tue Feb 23 2021(Updated: )
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Solid Edge Viewer | ||
| Luxion KeyShot Network Rendering | ||
| Luxion KeyShot | ||
| Luxion KeyShot Network Rendering | ||
| Luxion KeyVR | ||
| Luxion KeyShot Network Rendering | <10.1 | |
| KeyShot Network Rendering | <10.1 | |
| Luxion KeyShot | <10.1 | |
| Luxion KeyVR | <10.1 | |
| Siemens Solid Edge SE2020 | ||
| Siemens Solid Edge | ||
| Siemens Solid Edge SE2021 | ||
| Siemens Solid Edge |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01
- https://www.zerodayinitiative.com/advisories/ZDI-21-325/
- https://www.zerodayinitiative.com/advisories/ZDI-21-317/
- https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-035-01 (Advisory)
Frequently Asked Questions
What is CVE-2021-22649?
CVE-2021-22649 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.
How can this vulnerability be exploited?
To exploit this vulnerability, user interaction is required, such as visiting a malicious page or opening a malicious file.
What is the severity of CVE-2021-22649?
The severity of CVE-2021-22649 is high, with a CVSS score of 7.8.
Which software is affected by CVE-2021-22649?
Siemens Solid Edge Viewer versions up to and including 10.1 are affected by this vulnerability.
How can I fix CVE-2021-22649?
Update Siemens Solid Edge Viewer to version 10.1 or higher to mitigate this vulnerability.
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-317
- alias/ZDI-CAN-11942
- alias/CVE-2021-22649
- agent/software-canonical-lookup
- alias/ZDI-21-325
- alias/ZDI-CAN-12064
- agent/title
- agent/event
- agent/trending
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/siemens
- canonical/siemens solid edge viewer
- vendor/luxion
- canonical/luxion keyshot network rendering
- canonical/luxion keyshot
- canonical/luxion keyvr
- canonical/keyshot network rendering
- canonical/siemens solid edge se2020
- canonical/siemens solid edge
- canonical/siemens solid edge se2021