CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22645 – Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22645
23 Feb 2021 — Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeySho... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-357: Insufficient UI Warning of Dangerous Operations •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22649 – Siemens Solid Edge Viewer JT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22649
23 Feb 2021 — Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •