CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations.

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations.

The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi (aka rgod), who has identified many vulnerabilities in industrial systems over the past years. The security holes were reported through Trend Micro’s Zero Day Initiative (ZDI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Solid Edge is a product development solution that includes tools for 3D design, simulation, manufacturing and design management.

Micalizzi discovered that the product is affected by five vulnerabilities, including four high-severity memory corruption issues that allow remote code execution, and one medium-severity XXE bug that can lead to information disclosure. The vulnerabilities can be exploited by tricking the targeted user into processing malicious CATPart, 3DXML, STP, PRT, or JT files.

Learn more about vulnerabilities in industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

An analysis of the vulnerabilities revealed that they are introduced by the use of KeyShot, a 3D rendering and animation solution made by Luxion. Further analysis showed that the flaws are actually introduced by Datakit CrossCad/Ware, a library used by KeyShot for importing various CAD (computer-aided design) formats.

While to date it appears that only Siemens, KeyShot and CISA have released advisories for these vulnerabilities, CrossCad/Ware is used by many other products and they could all be vulnerable. On its website, France-based Datakit, which specializes in CAD data exchange solutions, says it collaborates as an OEM with more than 100 vendors, including many in North America and the APAC region.

Products using CrossCad/Ware

ZDI published advisories for each of the vulnerabilities on May 12 with a “0day” status since they had apparently not been patched.

Advertisement. Scroll to continue reading.

However, Datakit said it patched the flaws with the release of CrossCAD/Ware version 2021.2 in April. Datakit has advised software vendors to upgrade to version 2021.2 or later — earlier releases are still affected. The company also recommended that users of impacted applications avoid opening untrusted files from unknown sources.

Luxion has released KeyShot 10.2, which includes the patched version of the Datakit library, and Siemens has advised Solid Edge customers to update KeyShot as instructed in Luxion’s security advisory.

Datakit told SecurityWeek that it will release a statement soon.

Related: Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

Related: Siemens Patches 21 More File Parsing Vulnerabilities in PLM Products

Related: Siemens Addresses 60 Vulnerabilities Introduced by Third-Party Components

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.