Security News > 2021 > May > Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library
Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product.
The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi, who has identified many vulnerabilities in industrial systems over the past years.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
An analysis of the vulnerabilities revealed that they are introduced by the use of KeyShot, a 3D rendering and animation solution made by Luxion.
Further analysis showed that the flaws are actually introduced by Datakit CrossCad/Ware, a library used by KeyShot for importing various CAD formats.
ZDI published advisories for each of the vulnerabilities on May 12 with a "0day" status since they had apparently not been patched.