
4.2.5 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 A CVSS v3 base score of 7.8 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The affected product has multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.ĬVE-2021-22649 has been assigned to this vulnerability. 4.2.4 UNTRUSTED POINTER DEREFERENCE CWE-822 dll entry point can be executed without sufficient UI warning.ĬVE-2021-22645 has been assigned to this vulnerability. bip documents display a “load” command, which can be pointed to a. The affected product is vulnerable to an attack because the. 4.2.3 INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357

The affected product is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.ĬVE-2021-22643 has been assigned to this vulnerability. The affected product is vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.ĬVE-2021-22647 has been assigned to this vulnerability.

This updated advisory is a follow-up to the original advisory titled ICSA-21-035-01 Luxion KeyShot that was published February 4, 2021, on the ICS webpage on.


