PT-2021-17476 · Luxion+1 · Keyshot+1

Rgod · Published 2021-05-12 · Updated 2021-06-09 · CVE-2021-27492

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

KeyShot versions prior to v10.1
Siemens Solid Edge Viewer (affected versions not specified)

Description

The issue allows disclosure of arbitrary files to remote attackers when a specially crafted 3DXML file is opened. This is due to the passing of specially crafted content to the underlying XML parser without proper restrictions, such as prohibiting an external DTD.

Recommendations

For KeyShot versions prior to v10.1, update to a version newer than v10.1 to resolve the issue. For Siemens Solid Edge Viewer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
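
The restriction named in the description (prohibiting an external DTD) can also be enforced from the outside, before a file reaches an unpatched viewer. The following is an added example, not code from KeyShot, Siemens or this advisory: it flags every XML part of a 3DXML file that declares a DOCTYPE, assuming the file is either plain XML or a ZIP container of parts; the size cap, function names and sample documents are constructed for illustration.

```python
import io
import zipfile
from xml.parsers import expat

MAX_PART_BYTES = 16 * 1024 * 1024  # assumed cap on how much of each part is read

# Constructed samples: a part without a DTD and one that points at an external DTD.
SAMPLE_CLEAN = b'<?xml version="1.0"?><Model_3dxml/>'
SAMPLE_DTD = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE Model_3dxml SYSTEM "placeholder.dtd"><Model_3dxml/>')


class _DoctypeSeen(Exception):
    """Raised from the expat callback to stop parsing at the DOCTYPE."""


def has_doctype(xml_bytes):
    """True if the document declares a DOCTYPE; nothing inside the DTD is processed."""
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise _DoctypeSeen()

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(xml_bytes, True)
    except _DoctypeSeen:
        return True
    except expat.ExpatError:
        return False  # not well-formed (e.g. a binary part); expat saw no DOCTYPE
    return False


def screen_3dxml(data):
    """Return (part name, reason) pairs for parts that should block the file."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [("<document>", "DOCTYPE declared")] if has_doctype(data) else []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as part:
                body = part.read(MAX_PART_BYTES + 1)  # bounded read, ignores header size
            if len(body) > MAX_PART_BYTES:
                findings.append((info.filename, "too large to screen"))
            elif has_doctype(body):
                findings.append((info.filename, "DOCTYPE declared"))
    return findings
```

An empty result means no part declared a DTD; any finding is a reason to quarantine the file rather than open it.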

XXE

Related Identifiers

CVE-2021-27492
ZDI-21-567

Affected Products

Keyshot
Siemens Solid Edge Viewer