ICSA-21-145-01
·
Published 2021-05-25
·
View on CISA ICS-CERT ↗
Datakit Libraries bundled in Luxion KeyShot
CVSS 7.8
HIGH
Risk Summary
Successful exploitation of these vulnerabilities could lead to execution of arbitrary code and disclosure of arbitrary files to unauthorized actors.
Remediations
- Datakit has released CrossCAD/Ware library Version 2021.2 and recommends software vendors upgrade to this version or later. Versions 2021.1 or earlier are still affected by the vulnerabilities.
- Datakit recommends that users of these applications should avoid opening untrusted files from unknown sources.
- Luxion has released an update to KeyShot (v10.2), as it is bundled with Datakit 2021.2, and recommends users update to the latest version.
- Luxion has published security advisory LSA-394129 for the affected products.
Affected Vendors
Datakit
Affected Products (6)
Datakit
·
Ug3dReadPsr
<= 2021.1
Datakit
·
Jt3dReadPsr
<= 2021.1
Datakit
·
KeyShot
<= 10.1
Datakit
·
CatiaV6_3dRead
<= 2021.1
Datakit
·
Step3dRead
<= 2021.1
Datakit
·
CatiaV5_3dRead
<= 2021.1
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more