CVE-2021-27492

Опубликовано: 27 мая 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
Third Party Advisory
US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-567/
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
Third Party Advisory
US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-567/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:datakit:crosscadware:*:*:*:*:*:*:*:*

Версия до 2021.1 (включая)

cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*

Версия до 10.1 (включая)

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:solid_edge_se2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:solid_edge_se2020:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00949

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-vx6v-35rf-7cf4

github

больше 3 лет назад