CVE-2021-27492 Information
Jun 07, 2022
cve
Description
When opening a specially crafted 3DXML file the application containing Datakit Software libraries CatiaV5_3dRead CatiaV6_3dRead Step3dRead Ug3dReadPsr Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-567/ https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.5
Share on: