CVE-2021-27496: (0Day) Siemens Solid Edge Viewer PRT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
First published: Thu May 27 2021(Updated: )
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Solid Edge Viewer | ||
| Datakit CatiaV5 3D Read | ||
| Datakit CatiaV6 3D Read | ||
| Datakit Step3dRead | ||
| Datakit Ug3dReadPsr | ||
| Datakit JT3D Read PSR | ||
| Datakit CrossCAD/Ware | <=2021.1 | |
| Luxion KeyShot Network Rendering | <=10.1 | |
| Siemens Solid Edge SE2020 | ||
| Siemens Solid Edge | ||
| Siemens Solid Edge SE2021 | ||
| Siemens Solid Edge |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27496?
CVE-2021-27496 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.
How can this vulnerability be exploited?
This vulnerability can be exploited by visiting a malicious page or opening a malicious file.
What is the severity of CVE-2021-27496?
The severity of CVE-2021-27496 is high with a CVSS score of 7.8.
Which software is affected by CVE-2021-27496?
Siemens Solid Edge Viewer versions up to and including 2021.1 are affected, as well as Luxion KeyShot version up to and including 10.1.
How can I mitigate CVE-2021-27496?
To mitigate CVE-2021-27496, users should update Siemens Solid Edge Viewer to a version beyond 2021.1 or Luxion KeyShot to a version beyond 10.1.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/references
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-565
- alias/ZDI-CAN-11962
- alias/CVE-2021-27496
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/siemens
- canonical/siemens solid edge viewer
- vendor/datakit
- canonical/datakit catiav5 3d read
- canonical/datakit catiav6 3d read
- canonical/datakit step3dread
- canonical/datakit ug3dreadpsr
- canonical/datakit jt3d read psr
- canonical/datakit crosscad/ware
- version/datakit crosscad/ware/2021.1
- vendor/luxion
- canonical/luxion keyshot network rendering
- version/luxion keyshot network rendering/10.1
- canonical/siemens solid edge se2020
- canonical/siemens solid edge
- canonical/siemens solid edge se2021