Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations.
The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi (aka rgod), who has identified many vulnerabilities in industrial systems over the past years. The security holes were reported through Trend Micro’s Zero Day Initiative (ZDI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Solid Edge is a product development solution that includes tools for 3D design, simulation, manufacturing and design management.
Micalizzi discovered that the product is affected by five vulnerabilities, including four high-severity memory corruption issues that allow remote code execution, and one medium-severity XXE bug that can lead to information disclosure. The vulnerabilities can be exploited by tricking the targeted user into processing malicious CATPart, 3DXML, STP, PRT, or JT files.
An analysis of the vulnerabilities revealed that they are introduced by the use of KeyShot, a 3D rendering and animation solution made by Luxion. Further analysis showed that the flaws are actually introduced by Datakit CrossCad/Ware, a library used by KeyShot for importing various CAD (computer-aided design) formats.
While to date it appears that only Siemens, KeyShot and CISA have released advisories for these vulnerabilities, CrossCad/Ware is used by many other products and they could all be vulnerable. On its website, France-based Datakit, which specializes in CAD data exchange solutions, says it collaborates as an OEM with more than 100 vendors, including many in North America and the APAC region.
ZDI published advisories for each of the vulnerabilities on May 12 with a “0day” status since they had apparently not been patched.
However, Datakit said it patched the flaws with the release of CrossCad/Ware version 2021.2 in April. Datakit has advised software vendors to upgrade to version 2021.2 or later — earlier releases are still affected. The company also recommended that users of impacted applications avoid opening untrusted files from unknown sources.
Luxion has released KeyShot 10.2, which includes the patched version of the Datakit library, and Siemens has advised Solid Edge customers to update KeyShot as instructed in Luxion’s security advisory.
Datakit told SecurityWeek that it will release a statement soon.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
