Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HLuxion Keyshot
APPLuxion< 10.1Luxion Keyshot Network Rendering
APPLuxion< 10.1Luxion Keyshot Viewer
APPLuxion< 10.1Luxion Keyvr
APPLuxion< 10.1Siemens Solid Edge Se2020
HWSiemenswszystkie wersjeSiemens Solid Edge Se2020 Firmware
OSSiemenswszystkie wersjeSiemens Solid Edge Se2021
HWSiemenswszystkie wersjeSiemens Solid Edge Se2021 Firmware
OSSiemenswszystkie wersje
Related vulnerabilities
Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability al...
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vuln...
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows ...
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vu...
Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vuln...