ICSA-21-035-01 · Published 2021-03-09 · View on CISA ICS-CERT ↗

Luxion KeyShot (Update A)

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow arbitrary code execution, the storing of arbitrary scripts into automatic startup folders, and the attacking of products without sufficient UI warning.

CVEs (5)

CVE-2021-22647 CVE-2021-22643 CVE-2021-22645 CVE-2021-22649 CVE-2021-22651

Remediations

Luxion has released an update to KeyShot (v10.1) and recommends users update to the latest version.
For more information on products dependent on the affected KeyShot products, see the following vendor security advisory:

Affected Vendors

Luxion

Affected Products (4)

Luxion · KeyShot Viewer < 10.1

Luxion · KeyShot Network Rendering < 10.1

Luxion · KeyVR < 10.1

Luxion · KeyShot < 10.1

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more