Luxion KeyShot (Update A)
Plan: Patch
Severity score: 7.8
ICS-CERT advisory: ICSA-21-035-01
Published: Feb 4, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
KeyShot (versions below 10.1), KeyShot Viewer, KeyShot Network Rendering, and KeyVR contain multiple vulnerabilities (CWE-787, CWE-125, CWE-357, CWE-822, CWE-22) that could allow arbitrary code execution and the storing of arbitrary scripts in automatic startup folders, and that provide insufficient UI warnings during product operation.
What this means
What could happen
An attacker who tricks a user into opening a malicious file could execute arbitrary code on the system running KeyShot, potentially compromising the workstation and any systems it connects to. This could affect engineering workstations used for design, modeling, or rendering workflows in manufacturing or design environments.
Who's at risk
This affects engineering and design workstations that use Luxion KeyShot products for 3D rendering, visualization, and design workflows. Organizations using KeyShot, KeyShot Viewer, or KeyShot Network Rendering in manufacturing design, product visualization, or architectural rendering should prioritize updates. The vulnerability is not network-exploitable on its own but poses risk to any user who handles design files from untrusted sources.
How it could be exploited
An attacker creates a malicious file (likely a design file or project) and delivers it via email or a compromised website. When a user opens the file in KeyShot, the memory-safety weaknesses (CWE-787, CWE-125, CWE-822) allow the attacker's code to execute with the privileges of the user running KeyShot. The path traversal weakness (CWE-22) is what lets a crafted file write a script into an automatic startup folder, giving the attacker persistence across reboots without any further user action.
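As an added triage check for the persistence technique described above (example code, not from the advisory or from Luxion), the script below lists files recently written to Windows Startup folders and flags the ones Windows would execute at logon. The Startup paths are the standard Windows locations, which is an assumption about the target host; the fixture folder and its two files are constructed sample data so the check runs on any platform.

```python
# Added example, not from the advisory or from Luxion: list files recently
# written to Windows Startup folders, where the path traversal bug could drop
# a script. Startup paths are the standard Windows locations (assumed);
# the fixture below is constructed sample data.
from __future__ import annotations

import os
import tempfile
import time
from pathlib import Path

# Assumed default per-user and all-users Startup folders on Windows.
DEFAULT_STARTUP_DIRS = [
    Path(os.environ.get("APPDATA", r"C:\Users\Default\AppData\Roaming"))
    / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup",
    Path(os.environ.get("ProgramData", r"C:\ProgramData"))
    / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "StartUp",
]

# Extensions Windows runs at logon when dropped into a Startup folder.
RUNNABLE_SUFFIXES = {".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf",
                     ".hta", ".ps1", ".exe", ".lnk"}

SEVEN_DAYS = 7 * 86400


def recent_startup_entries(startup_dirs, max_age=SEVEN_DAYS, now=None):
    """Files in the given Startup folders modified within max_age seconds.

    Each hit records name, path, modification time and whether Windows would
    execute it at logon. Newest first, so the most suspicious entries lead.
    """
    now = time.time() if now is None else now
    hits = []
    for d in startup_dirs:
        d = Path(d)
        if not d.is_dir():  # folder absent on this host: skip, don't fail
            continue
        for p in d.iterdir():
            if not p.is_file():
                continue
            mtime = p.stat().st_mtime
            if now - mtime <= max_age:
                hits.append({
                    "name": p.name,
                    "path": str(p),
                    "mtime": mtime,
                    "runnable": p.suffix.lower() in RUNNABLE_SUFFIXES,
                })
    hits.sort(key=lambda h: h["mtime"], reverse=True)
    return hits


# Constructed fixture: a fake Startup folder holding a month-old shortcut and
# a script written an hour ago. Timestamps are pinned so results are stable.
FIXTURE_NOW = 1_700_000_000.0


def build_fixture() -> Path:
    root = Path(tempfile.mkdtemp(prefix="startup-"))
    old = root / "Send to OneNote.lnk"
    old.write_bytes(b"L\x00\x00\x00")
    os.utime(old, (FIXTURE_NOW - 30 * 86400, FIXTURE_NOW - 30 * 86400))
    fresh = root / "render_helper.vbs"
    fresh.write_text("' constructed sample script, does nothing\n")
    os.utime(fresh, (FIXTURE_NOW - 3600, FIXTURE_NOW - 3600))
    return root


if __name__ == "__main__":
    on_windows = os.name == "nt"
    dirs = DEFAULT_STARTUP_DIRS if on_windows else [build_fixture()]
    for hit in recent_startup_entries(dirs, now=None if on_windows else FIXTURE_NOW):
        flag = "RUNS AT LOGON" if hit["runnable"] else "data"
        print(f"{time.ctime(hit['mtime'])}  {flag:13s}  {hit['path']}")
```

On a live host, compare the hits against a known-good baseline of the Startup folders; a script or shortcut that appeared around the time a user opened an externally sourced design file is the indicator this advisory describes.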
Prerequisites
- User interaction required: the victim must open a crafted file in KeyShot
- Local attack vector: the crafted file must be processed on the system running KeyShot, so the attacker needs a way to get it in front of a user rather than a reachable network service
- No special configuration or credentials needed
- User interaction required (social engineering)
- Local exploitation only
- Low EPSS score (2.3%)
- Affects design/engineering workstations
- No public exploits known at time of advisory
Exploitability
EPSS 2.3%: low predicted probability of exploitation in the wild. Exploitation needs a user to open a crafted file, and no public exploit was known at the time of the advisory.
Affected products (4), all with a fix available

Product                    Affected Versions   Fix Status
KeyShot Viewer             < 10.1              fixed in 10.1
KeyShot                    < 10.1              fixed in 10.1
KeyVR                      < 10.1              fixed in 10.1
KeyShot Network Rendering  < 10.1              fixed in 10.1
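To turn the table above into an inventory check, here is an added example (not from the advisory or from Luxion) that compares installed versions against the fixed release numerically rather than as strings. The inventory records are constructed sample data in the shape a software-inventory export might provide.

```python
# Added example, not part of the advisory or of Luxion's software:
# flag KeyShot-family installs whose version is below the fixed release 10.1.
# The inventory records below are constructed sample data.
from __future__ import annotations

FIXED_VERSION = "10.1"  # from the advisory: versions below 10.1 are affected
AFFECTED_PRODUCTS = {
    "KeyShot",
    "KeyShot Viewer",
    "KeyVR",
    "KeyShot Network Rendering",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.0.198' into (10, 0, 198).

    Each dot-separated piece keeps its leading digits only, so a build tag
    such as '10.1.82b' still parses. A version with no numeric prefix is an
    inventory error and is rejected rather than silently treated as safe.
    """
    parts: list[int] = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when a < b compared numerically, component by component.

    Missing trailing components count as 0, so '10.1' equals '10.1.0'.
    Plain string comparison gets this wrong: '9.3.14' < '10.1' is False as
    strings because '9' > '1', and '10.9' < '10.10' is False as strings
    because '9' > '1' again. Numeric tuples avoid both traps.
    """
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa = pa + (0,) * (width - len(pa))
    pb = pb + (0,) * (width - len(pb))
    return pa < pb


def is_affected(product: str, version: str) -> bool:
    """Affected when the product is in scope and its version is below 10.1."""
    return product in AFFECTED_PRODUCTS and version_lt(version, FIXED_VERSION)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "cad-ws-01", "product": "KeyShot", "version": "9.3.14"},
    {"host": "cad-ws-02", "product": "KeyShot", "version": "10.0.198"},
    {"host": "cad-ws-03", "product": "KeyShot", "version": "10.1"},
    {"host": "cad-ws-04", "product": "KeyShot Viewer", "version": "10.2.104"},
    {"host": "render-01", "product": "KeyShot Network Rendering", "version": "10.0.0"},
    {"host": "vr-lab-01", "product": "KeyVR", "version": "10.10.5"},
    {"host": "cad-ws-05", "product": "SolidWorks", "version": "2019"},
]


def affected_hosts(inventory: list[dict[str, str]]) -> list[str]:
    """Hostnames that still run an affected version, in inventory order."""
    return [
        rec["host"]
        for rec in inventory
        if is_affected(rec["product"], rec["version"])
    ]


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update to KeyShot {FIXED_VERSION} or later")
```

Note that 10.10.5 on vr-lab-01 is correctly reported as fixed even though a string comparison would place it below 10.1.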
Remediation & Mitigation
Do now
WORKAROUND: Educate users not to open unsolicited file attachments or click untrusted links, especially those claiming to contain design files or projects.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Update KeyShot, KeyShot Viewer, KeyShot Network Rendering, and KeyVR to version 10.1 or later.
Long-term hardening
HARDENING: Restrict KeyShot products to design files from trusted sources, and validate where a file came from (for example, the download origin recorded on it) before opening it.
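One concrete way to validate a file's origin on Windows, as an added example that is not from the advisory or from Luxion: read the Mark-of-the-Web that browsers and mail clients attach to downloaded files as a `Zone.Identifier` alternate data stream, and refuse Internet-zone files unless they came from an allow-listed host. The stream contents, file names and host names below are constructed samples; reading a real stream only works on NTFS under Windows, so the parser is kept separate from the file access.

```python
# Added example, not part of the advisory: decide whether a design file may be
# opened based on its Windows Mark-of-the-Web (Zone.Identifier stream).
# Sample streams, file names and host names below are constructed.
from __future__ import annotations

from urllib.parse import urlsplit

# URL security zones as recorded in ZoneId (Windows convention).
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(stream: str) -> dict[str, str]:
    """Parse the INI-style [ZoneTransfer] section into a dict of its keys."""
    fields: dict[str, str] = {}
    in_section = False
    for raw in stream.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def origin_zone(stream: str | None) -> int:
    """ZoneId from the stream; 0 when there is no stream (file never left the host)."""
    if stream is None:
        return 0
    try:
        return int(parse_zone_identifier(stream).get("ZoneId", "0"))
    except ValueError:
        return 3  # malformed marker: treat as Internet rather than trusted


def read_zone_stream(path: str) -> str | None:
    """Read path:Zone.Identifier on NTFS; None when the file carries no marker.

    Only meaningful on Windows; elsewhere the open fails and None is returned.
    """
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def decide(stream: str | None, trusted_hosts=frozenset()) -> tuple[bool, str]:
    """(allow, reason) for opening the file in KeyShot.

    Local, intranet and trusted-site zones are allowed. Internet-zone files
    are allowed only when downloaded from an allow-listed host; Restricted
    and unknown zones are always refused.
    """
    zone = origin_zone(stream)
    label = ZONE_NAMES.get(zone, "unknown")
    if 0 <= zone <= 2:
        return True, f"origin zone {zone} ({label})"
    fields = parse_zone_identifier(stream or "")
    source = fields.get("HostUrl") or fields.get("ReferrerUrl") or ""
    host = urlsplit(source).hostname or ""
    if zone == 3 and host in trusted_hosts:
        return True, f"Internet zone, but downloaded from trusted host {host}"
    return False, (f"origin zone {zone} ({label}), host {host or 'unknown'}: "
                   "verify with the sender before opening")


# Constructed sample streams in the format Windows writes.
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://files.example.net/\r\n"
                   "HostUrl=https://files.example.net/scene.ksp\r\n")
SAMPLE_PARTNER = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                  "HostUrl=https://share.partner.example/model.bip\r\n")
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"

if __name__ == "__main__":
    for name, stream in [("internet", SAMPLE_INTERNET), ("partner", SAMPLE_PARTNER),
                         ("intranet", SAMPLE_INTRANET), ("no marker", None)]:
        allow, reason = decide(stream, trusted_hosts={"share.partner.example"})
        print(f"{name:9s} {'ALLOW' if allow else 'BLOCK'}  {reason}")
```

Any wrapper that unpacks archives should propagate the marker to the extracted files, since a stripped marker makes a downloaded file look local to this check.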
API:
/api/v1/advisories/f3bd57d3-7896-4428-b11b-585da6348633