Security Experts:

Connect with us

Hi, what are you looking for?



Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations.

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations.

The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi (aka rgod), who has identified many vulnerabilities in industrial systems over the past years. The security holes were reported through Trend Micro’s Zero Day Initiative (ZDI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Solid Edge is a product development solution that includes tools for 3D design, simulation, manufacturing and design management.

Micalizzi discovered that the product is affected by five vulnerabilities, including four high-severity memory corruption issues that allow remote code execution, and one medium-severity XXE bug that can lead to information disclosure. The vulnerabilities can be exploited by tricking the targeted user into processing malicious CATPart, 3DXML, STP, PRT, or JT files.

Learn more about vulnerabilities in industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

An analysis of the vulnerabilities revealed that they are introduced by the use of KeyShot, a 3D rendering and animation solution made by Luxion. Further analysis showed that the flaws are actually introduced by Datakit CrossCad/Ware, a library used by KeyShot for importing various CAD (computer-aided design) formats.

While to date it appears that only Siemens, KeyShot and CISA have released advisories for these vulnerabilities, CrossCad/Ware is used by many other products and they could all be vulnerable. On its website, France-based Datakit, which specializes in CAD data exchange solutions, says it collaborates as an OEM with more than 100 vendors, including many in North America and the APAC region.

Products using CrossCad/Ware

ZDI published advisories for each of the vulnerabilities on May 12 with a “0day” status since they had apparently not been patched.

However, Datakit said it patched the flaws with the release of CrossCAD/Ware version 2021.2 in April. Datakit has advised software vendors to upgrade to version 2021.2 or later — earlier releases are still affected. The company also recommended that users of impacted applications avoid opening untrusted files from unknown sources.

Luxion has released KeyShot 10.2, which includes the patched version of the Datakit library, and Siemens has advised Solid Edge customers to update KeyShot as instructed in Luxion’s security advisory.

Datakit told SecurityWeek that it will release a statement soon.

Related: Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

Related: Siemens Patches 21 More File Parsing Vulnerabilities in PLM Products

Related: Siemens Addresses 60 Vulnerabilities Introduced by Third-Party Components

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.