Vulnerability Details CVE-2021-27496
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
- https://www.zerodayinitiative.com/advisories/ZDI-21-565/
- https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
- https://www.zerodayinitiative.com/advisories/ZDI-21-565/
Products affected by CVE-2021-27496
-
cpe:2.3:a:datakit:crosscadware:-
-
cpe:2.3:a:datakit:crosscadware:2021.1
-
cpe:2.3:a:luxion:keyshot:-
-
cpe:2.3:a:luxion:keyshot:10
-
cpe:2.3:a:luxion:keyshot:10.1
-
cpe:2.3:h:siemens:solid_edge_se2020:-
-
cpe:2.3:h:siemens:solid_edge_se2021:-
-
cpe:2.3:o:siemens:solid_edge_se2020_firmware:-
-
cpe:2.3:o:siemens:solid_edge_se2020_firmware:2020mp14
-
cpe:2.3:o:siemens:solid_edge_se2021_firmware:-
-
cpe:2.3:o:siemens:solid_edge_se2021_firmware:se2021mp15
-
cpe:2.3:o:siemens:solid_edge_se2021_firmware:se2021mp7