Full Report
The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion : https://www.keyshot.com, which may not contain the latest security fixes provided by Luxion. Siemens recommends to update KeyShot according to the information in the Luxion Security Advisory LSA-610622: https://download.keyshot.com/cert/lsa-610622/lsa-610622.pdf.
Analysis Summary
# Vulnerability: Out-of-Bounds Memory Flaw in Luxion KeyShot Bundled with Solid Edge
## CVE Details
- **CVE ID:** CVE-2021-27044
- **CVSS Score:** 7.8 (High)
- **CVSS Vector:** CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- **CWE:** CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
## Affected Systems
- **Products:** Siemens Solid Edge SE2023
- **Versions:** All versions of SE2023 (specifically those bundling KeyShot version 11)
- **Configurations:** Systems utilizing the KeyShot FBX importer (`luxion_geometry_fbx.exe`)
## Vulnerability Description
The vulnerability exists within the `luxion_geometry_fbx.exe` component of Luxion KeyShot, which is bundled with the Siemens Solid Edge installation package. This component utilizes an outdated version of Autodesk FBX Review (version 1.4.0). The software fails to properly restrict operations within the bounds of a memory buffer (out-of-bounds read/write), which can be triggered when processing specifically crafted FBX files.
## Exploitation
- **Status:** PoC available (Note: CVSS exploitability sub-score "E:P" indicates a proof-of-concept is likely available).
- **Complexity:** Low
- **Attack Vector:** Local (Requires user interaction to open a malicious file).
## Impact
- **Confidentiality:** High (Information disclosure possible)
- **Integrity:** High (Arbitrary code execution possible)
- **Availability:** High (Application crash or system instability)
## Remediation
### Patches
- **Update KeyShot:** Siemens recommends updating the bundled KeyShot 11 to **KeyShot V2023.1** or later. Users can refer to the Luxion Security Advisory LSA-610622 for specific update instructions.
### Workarounds
- **File Handling:** Avoid opening untrusted FBX files or files from unknown sources.
- **Access Control:** Restrict network access to industrial devices and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unusual application crashes when importing FBX files via `luxion_geometry_fbx.exe`.
- **Detection Methods:** Audit installed versions of KeyShot within the Solid Edge directory to ensure they are at version 2023.1 or higher. Monitor for unauthorized file execution originating from the KeyShot geometry importer.
## References
- **Siemens Advisory:** hxxps://cert-portal.siemens[.]com/productcert/pdf/ssa-572164.pdf
- **Luxion Security Advisory LSA-610622:** hxxps://download.keyshot[.]com/cert/lsa-610622/lsa-610622.pdf
- **AutoDesk Advisory ADSK-SA-2021-0001:** hxxps://www.autodesk[.]com/trust/security-advisories/adsk-sa-2021-0001
- **Siemens Operational Guidelines:** hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security