Siemens Simcenter Femap

Plan Patch7.8ICS-CERT ICSA-21-159-12Jun 8, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Simcenter Femap contains two vulnerabilities triggered when reading modfem files. An attacker could craft a malicious modfem file that, if opened by a user, causes the application to crash, or potentially executes arbitrary code or extracts data on the host system. The vulnerabilities are not remotely exploitable; they require user interaction (opening a malicious file).

What this means

What could happen

If an engineer opens a malicious modfem file, the Femap application could crash or an attacker could run commands on the engineering workstation with the user's privileges, potentially accessing design files, project data, or using the workstation as a pivot point to the plant network.

Who's at risk

Engineering and design teams using Siemens Simcenter Femap for finite element analysis and modeling work, particularly in manufacturing, automotive, aerospace, and engineering design firms. Any organization where engineers use Femap to design or analyze components or systems should apply patches.

How it could be exploited

An attacker crafts a malicious modfem file and tricks or socially engineers a user (engineer, technician) into opening it. When Femap reads the file, a buffer overflow or memory corruption vulnerability is triggered, allowing the attacker to crash the app or execute arbitrary code on the workstation with the user's privileges.

Prerequisites

User must open a malicious modfem file with Siemens Simcenter Femap
Attacker must deliver the malicious file (email, file share, USB, etc.)
Affected version of Femap must be installed (2020.2 before MP3, or 2021.1 before MP3)

Requires user interaction (file opening)Low complexity exploitationAffects engineering workstations and design dataNo patch available for other Femap versions (only 2020.2 and 2021.1 addressed)

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Simcenter Femap 2020.2<V2020.2.MP32020.2.MP3

Simcenter Femap 2021.1<V2021.1.MP32021.1.MP3

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDo not open or allow users to open modfem files from untrusted or unknown sources

WORKAROUNDEducate engineering staff to verify the source of modfem files before opening them

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Simcenter Femap 2020.2

HOTFIXUpdate Simcenter Femap 2020.2 to v2020.2.MP3 or later

Simcenter Femap 2021.1

HOTFIXUpdate Simcenter Femap 2021.1 to v2021.1.MP3 or later

Long-term hardening

0/1

HARDENINGIsolate engineering workstations running Femap from direct internet access and restrict file sharing from external networks

CVEs (2)

CVE-2021-27387 CVE-2021-27399

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a821c0ad-8b41-4ff5-bd81-1a893341f780