CVE-2021-22651

EPSS 2.6%CWE-22

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 feb 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.

Productos afectados

n/a · Luxion KeyShot Network Rendering n/a · Luxion KeyShot versions n/a · Luxion KeyShot Viewer n/a · Luxion KeyVR

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 https://www.zerodayinitiative.com/advisories/ZDI-21-324/