CVE-2021-22651

Published: Feb 23, 2021Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.

Affected (6)

Products: Luxion: Keyshot, Keyshot Network Rendering, Keyshot Viewer, Keyvr · Siemens: Solid Edge Se2020 Firmware, Solid Edge Se2021 Firmware

4 products

Keyshot Network Rendering

2 products

Solid Edge Se2020 Firmware

Solid Edge Se2021 Firmware

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Luxion Keyshot	Before 10.1
Luxion Keyshot Network Rendering	Before 10.1
Luxion Keyshot Viewer	Before 10.1
Luxion Keyvr	Before 10.1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Solid Edge Se2020 Firmware	All versions

Running on/with	Platform Versions
Siemens Solid Edge Se2020	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Solid Edge Se2021 Firmware	All versions

Running on/with	Platform Versions
Siemens Solid Edge Se2021	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf

Source: ics-cert@hq.dhs.gov

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-21-324/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-21-324/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.