CVE-2021-27490 – This vulnerability allows an attacker to execut... (How to Fix)

Q: What is the severity of CVE-2021-27490?

CVE-2021-27490 has a CVSS score of 7.8 (HIGH). This vulnerability allows an attacker to execute arbitrary code by exploiting an out-of-bounds read in KeyShot's 3D file reading modules. Attackers can achieve remote code execution by tricking users into opening malicious 3D files. Users of KeyShot versions v10.1 and prior are affected.

📋 TL;DR

This vulnerability allows an attacker to execute arbitrary code by exploiting an out-of-bounds read in KeyShot's 3D file reading modules. Attackers can achieve remote code execution by tricking users into opening malicious 3D files. Users of KeyShot versions v10.1 and prior are affected.

💻 Affected Systems

Products:

KeyShot

Versions: v10.1 and prior

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr modules when processing 3D files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within networks.

🟠

Likely Case

Remote code execution when users open malicious 3D files (CATIA, STEP, JT, UG formats), leading to malware installation or credential theft.

🟢

If Mitigated

Limited impact if proper file validation and user awareness prevent malicious file execution, though risk remains for legitimate but corrupted files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but these could be delivered via email, downloads, or compromised websites.

🏢 Internal Only: HIGH - In enterprise environments, users frequently exchange 3D files internally, creating multiple attack vectors for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. The vulnerability is in widely used 3D file parsers, making weaponization likely despite no public PoC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KeyShot v10.2 or later

Vendor Advisory: https://www.keyshot.com/support/

Restart Required: Yes

Instructions:

1. Download KeyShot v10.2 or later from official website. 2. Install the update following vendor instructions. 3. Restart the application and system if prompted.

🔧 Temporary Workarounds

Restrict 3D file handling

all

Configure system to open 3D files in alternative applications or sandboxed environments

User awareness training

all

Train users to only open 3D files from trusted sources and verify file integrity

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of unauthorized code
Use network segmentation to isolate KeyShot systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check KeyShot version in Help > About menu. If version is 10.1 or earlier, system is vulnerable.

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Luxion\KeyShot\Version. On macOS/Linux: Check application info in About dialog.

Verify Fix Applied:

Verify version is 10.2 or later in Help > About menu and test opening known-safe 3D files.

📡 Detection & Monitoring

Log Indicators:

Application crashes when opening 3D files
Unusual process creation from KeyShot executable
Failed file parsing attempts in application logs

Network Indicators:

Unexpected outbound connections from KeyShot process
File downloads from untrusted sources followed by KeyShot execution

SIEM Query:

Process Creation where (Image contains 'keyshot' AND CommandLine contains '.3d' OR '.cat' OR '.step' OR '.jt' OR '.prt')

📊 Metadata

CVE ID: CVE-2021-27490

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: May 27, 2021

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01 Third Party Advisory,US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-566/ Third Party Advisory,VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01 Third Party Advisory,US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-566/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27490, you might also want to check these: