Vulnerabilities > Luxion

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-27496 Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files.
local
low complexity
luxion datakit siemens
7.8
2021-02-23 CVE-2021-22651 Path Traversal vulnerability in multiple products
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
local
low complexity
luxion siemens CWE-22
7.8
2021-02-23 CVE-2021-22649 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
local
low complexity
luxion siemens CWE-119
7.8
2021-02-23 CVE-2021-22647 Out-of-bounds Write vulnerability in multiple products
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.
local
low complexity
luxion siemens CWE-787
7.8
2021-02-23 CVE-2021-22645 Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share.
local
low complexity
luxion siemens
7.8
2021-02-23 CVE-2021-22643 Out-of-bounds Read vulnerability in multiple products
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
local
low complexity
luxion siemens CWE-125
7.8