What is the vulnerability ID?

The vulnerability ID is CVE-2021-22651.

What is the affected software?

The affected software includes Siemens Solid Edge Viewer, Luxion KeyShot, Luxion KeyShot Network Rendering, Luxion KeyShot Viewer, Luxion KeyVR, Siemens Solid Edge Se2020 Firmware, and Siemens Solid Edge Se2021 Firmware.

What is the severity of CVE-2021-22651?

The severity of CVE-2021-22651 is high with a CVSS score of 7.8.

How can I mitigate the vulnerability?

To mitigate the vulnerability, it is recommended to visit the vendor's website for the latest patches and updates.

Vulnerability/
CVE-2021-22651

high

7.8

CWE

23/2/2021

3/8/2024

CVE-2021-22651: Siemens Solid Edge Viewer ZIP Path Traversal Remote Code Execution Vulnerability

Q: What is the title of the vulnerability?

The title of the vulnerability is Siemens Solid Edge Viewer ZIP Path Traversal Remote Code Execution Vulnerability.

First published: Tue Feb 23 2021(Updated: )

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Luxion KeyShot	<10.1
Luxion KeyShot Network Rendering	<10.1
Luxion KeyShot Viewer	<10.1
Luxion KeyVR	<10.1
Siemens Solid Edge Se2020 Firmware
Siemens Solid Edge Viewer
Siemens Solid Edge Se2021 Firmware
Siemens Solid Edge Se2021

Remedy

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-035-01

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-22651.
What is the title of the vulnerability?
The title of the vulnerability is Siemens Solid Edge Viewer ZIP Path Traversal Remote Code Execution Vulnerability.
What is the affected software?
The affected software includes Siemens Solid Edge Viewer, Luxion KeyShot, Luxion KeyShot Network Rendering, Luxion KeyShot Viewer, Luxion KeyVR, Siemens Solid Edge Se2020 Firmware, and Siemens Solid Edge Se2021 Firmware.
What is the severity of CVE-2021-22651?
The severity of CVE-2021-22651 is high with a CVSS score of 7.8.
How can I mitigate the vulnerability?
To mitigate the vulnerability, it is recommended to visit the vendor's website for the latest patches and updates.

collector/nvd-index
agent/type
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/author
agent/references
agent/remedy
agent/title
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-21-324
alias/ZDI-CAN-11983
alias/CVE-2021-22651
vendor/luxion
canonical/luxion keyshot
canonical/luxion keyshot network rendering
canonical/luxion keyshot viewer
canonical/luxion keyvr
vendor/siemens
canonical/siemens solid edge se2020 firmware
canonical/siemens solid edge viewer
canonical/siemens solid edge se2021 firmware
canonical/siemens solid edge se2021