CVE-2021-27492

Sažetak

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
https://www.zerodayinitiative.com/advisories/ZDI-21-567/
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-06-2021 - 17:47

Objavljeno

27-05-2021 - 16:15