CVE-2021-22651

EPSS 2.6%CWE-22

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 fev 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.

Produtos afetados

n/a · Luxion KeyShot Network Rendering n/a · Luxion KeyShot versions n/a · Luxion KeyShot Viewer n/a · Luxion KeyVR

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 https://www.zerodayinitiative.com/advisories/ZDI-21-324/