CVE-2021-22645

{"id": "CVE-2021-22645", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-02-23T04:15:14.210", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf", "tags": ["Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-357"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."}, {"lang": "es", "value": "Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, son vulnerables a un ataque porque los documentos .bip muestran un comando \"load\", que puede ser apuntado a una .dll desde un recurso compartido de red remoto. Como resultado, el punto de entrada .dll puede ser ejecutado sin suficiente advertencia de la Interfaz de Usuario"}], "lastModified": "2024-11-21T05:50:22.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92EA043D-B0BD-4C61-B6C6-709C001F0363", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99429D18-218B-4B84-B1E7-7E4B54B6CDD3", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50848054-203F-4C61-8A26-154083FC0C15", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:luxion:keyvr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80310813-CE50-4876-85FF-18760DD5F502", "versionEndExcluding": "10.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B8F6B67-0A8A-42E5-B9BD-3539475D7C92"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2BB7C3E-32DA-477C-8C11-E35546BC5D61"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E83F677E-3133-407D-8089-E2682DBFDA1E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B9B3882-6975-42EA-A056-B6EC83E51E78"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}