OTPulse

Siemens Simcenter Femap

Low Risk | CVSS 3.3 | ICS-CERT ICSA-21-257-04 | Sep 14, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Simcenter Femap V2020.2 and V2021.1 contain a buffer over-read vulnerability (CWE-125) in modfem file parsing. When a user opens a malicious modfem file, the application reads beyond buffer boundaries, allowing an attacker to leak sensitive information from the workstation's memory. The vulnerability requires user interaction and is not remotely exploitable. Siemens has released a fix in version 2021.2.

What this means
What could happen
If an engineer opens a malicious modfem file in Simcenter Femap, an attacker could read sensitive data from the engineering workstation's memory, such as design files or credentials. This is a data leak risk, not a control risk, since the vulnerability does not affect the running industrial processes themselves.
Who's at risk
Engineering and design teams at utilities and industrial facilities who use Siemens Simcenter Femap (V2020.2 or V2021.1) for CAD and finite element analysis. This affects workstation-based engineering tools, not operational control systems or PLCs.
How it could be exploited
An attacker crafts a malicious modfem file and tricks an engineer into opening it via email or file sharing. When Simcenter Femap reads the file, a buffer over-read (CWE-125) causes sensitive data from the workstation memory to be leaked or displayed to the attacker.
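
The bug class named above (CWE-125), as an added example that is not Siemens code and not part of the advisory: a parser that trusts a length field stored in the file, next to one that validates it against the bytes actually loaded. The record layout, function names and sample bytes are assumptions constructed for illustration; the modfem format is not described on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (assumed, NOT modfem): tag(1) | len(2, LE) | payload */
#define HDR_LEN 3u

/* "Before": trusts the length stored in the file, never asks how much was loaded. */
static long read_record_unchecked(const uint8_t *file, size_t off,
                                  uint8_t *out, size_t out_cap) {
    size_t len = (size_t)file[off + 1] | ((size_t)file[off + 2] << 8);
    if (len > out_cap) return -1;
    memcpy(out, file + off + HDR_LEN, len);  /* can run past the file's data */
    return (long)len;
}

/* Hardened: every read is bounded by the number of bytes actually loaded. */
static long read_record_checked(const uint8_t *file, size_t file_len, size_t off,
                                uint8_t *out, size_t out_cap) {
    if (off > file_len || file_len - off < HDR_LEN) return -1; /* truncated header */
    size_t len = (size_t)file[off + 1] | ((size_t)file[off + 2] << 8);
    if (len > file_len - off - HDR_LEN) return -1; /* declared length exceeds file */
    if (len > out_cap) return -1;
    memcpy(out, file + off + HDR_LEN, len);
    return (long)len;
}

/* Constructed sample: one array models process memory, so the demo itself stays
 * in bounds. The first FILE_LEN bytes are the "file" (claims 16 payload bytes,
 * carries 4); the rest is unrelated neighbouring data. */
static const uint8_t ARENA[] = {
    0x01, 0x10, 0x00, 'a', 'b', 'c', 'd',
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'T', 'O', 'K', 'E', 'N'
};
#define FILE_LEN 7u

long demo_unchecked(uint8_t *out, size_t cap) { return read_record_unchecked(ARENA, 0, out, cap); }
long demo_checked(uint8_t *out, size_t cap) { return read_record_checked(ARENA, FILE_LEN, 0, out, cap); }

int main(void) {
    uint8_t out[32];
    printf("unchecked: %ld bytes copied\n", demo_unchecked(out, sizeof out));
    printf("checked:   %ld (rejected)\n", demo_checked(out, sizeof out));
    return 0;
}
```

The unchecked parser returns the four payload bytes followed by twelve bytes that were never in the file; the checked parser rejects the record because the declared length exceeds what remains of the input.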
Prerequisites
  • User interaction required: engineer must open a malicious modfem file
  • Malicious file must be delivered to the engineer (no remote exploitation)
  • Siemens Simcenter Femap V2020.2 or V2021.1 must be installed
requires user interaction · low complexity exploitation · information disclosure only (no code execution or process impact) · affects engineering workstations, not operational control systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Simcenter Femap V2020.2 | All versions | 2021.2
Simcenter Femap V2021.1 | All versions | 2021.2
Remediation & Mitigation
Do now
WORKAROUND: Do not open modfem files from untrusted or unknown sources; verify the origin of design files before opening
HARDENING: Provide security awareness training to engineering staff on email scams and social engineering tactics used to deliver malicious files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Simcenter Femap to version 2021.2 or later