CVE-2021-27494

EUVD-2021-14248
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing STP files. This could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
datakitcrosscadware
𝑥
≤ 2021.1
luxionkeyshot
𝑥
≤ 10.1
siemenssolid_edge_se2020_firmware
*
siemenssolid_edge_se2021_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
https://www.zerodayinitiative.com/advisories/ZDI-21-564/
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
https://www.zerodayinitiative.com/advisories/ZDI-21-564/