CVE-2021-22645

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf	Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01	Third Party Advisory US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-323/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:luxion:keyshot::::::::
	cpe:2.3:a:luxion:keyshot_network_rendering::::::::
	cpe:2.3:a:luxion:keyshot_viewer::::::::
	cpe:2.3:a:luxion:keyvr::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-23 04:15

Updated : 2024-02-28 18:08

NVD link : CVE-2021-22645

Mitre link : CVE-2021-22645

CVE.ORG link : CVE-2021-22645

JSON object : View

Products Affected

luxion

keyshot
keyshot_network_rendering
keyvr
keyshot_viewer

siemens

solid_edge_se2021
solid_edge_se2021_firmware
solid_edge_se2020
solid_edge_se2020_firmware

CWE

NVD-CWE-Other CWE-357

Insufficient UI Warning of Dangerous Operations

{"id": "CVE-2021-22645", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-02-23T04:15:14.210", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf", "tags": ["Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-357"}]}], "descriptions": [{"lang": "en", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."}, {"lang": "es", "value": "Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, son vulnerables a un ataque porque los documentos .bip muestran un comando \"load\", que puede ser apuntado a una .dll desde un recurso compartido de red remoto. Como resultado, el punto de entrada .dll puede ser ejecutado sin suficiente advertencia de la Interfaz de Usuario"}], "lastModified": "2021-03-23T17:51:47.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92EA043D-B0BD-4C61-B6C6-709C001F0363", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99429D18-218B-4B84-B1E7-7E4B54B6CDD3", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50848054-203F-4C61-8A26-154083FC0C15", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:luxion:keyvr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80310813-CE50-4876-85FF-18760DD5F502", "versionEndExcluding": "10.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B8F6B67-0A8A-42E5-B9BD-3539475D7C92"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2BB7C3E-32DA-477C-8C11-E35546BC5D61"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E83F677E-3133-407D-8089-E2682DBFDA1E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B9B3882-6975-42EA-A056-B6EC83E51E78"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}