← Back

CVE-2021-27492

nvd nist
Published: May 27, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.

Affected (4)

Datakit
1 product
Crosscadware
Luxion
1 product
Keyshot
Siemens
2 products
Solid Edge Se2020 Firmware
Solid Edge Se2021 Firmware
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Crosscadware
Up to 2021.1
Keyshot
Up to 10.1
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Solid Edge Se2020 Firmware
All versions
Running on/withPlatform Versions
Siemens
Solid Edge Se2020
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Solid Edge Se2021 Firmware
All versions
Running on/withPlatform Versions
Siemens
Solid Edge Se2021
All versions

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

Source: ics-cert@hq.dhs.gov
Third Party Advisory
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.