Siemens Simcenter STAR-CCM+ Viewer

Plan Patch7.8ICS-CERT ICSA-21-257-05Sep 14, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Simcenter STAR-CCM+ Viewer is vulnerable to a buffer overflow when processing malicious scene (.sce) files. If a user opens a specially crafted scene file with an affected version of the viewer, the application may crash, allow arbitrary code execution, or enable data extraction on the host system. The vulnerability is triggered during file parsing and does not require network connectivity or elevated privileges—only user interaction to open the file.

What this means

What could happen

An attacker could trick a user into opening a malicious scene file with STAR-CCM+ Viewer, causing the application to crash or execute arbitrary code with the privileges of the user running the application, potentially leading to unauthorized access to design data or engineering files on the host system.

Who's at risk

Engineering and design teams that use Siemens STAR-CCM+ Viewer for computational fluid dynamics analysis and design review. This includes manufacturing, automotive, aerospace, and utility engineering departments where simulation and design files are routinely exchanged.

How it could be exploited

An attacker sends or hosts a malicious .sce (scene) file and tricks a user into opening it with Siemens STAR-CCM+ Viewer (via email, file share, or download link). When the viewer processes the file, the buffer overflow is triggered, allowing code execution on the host system with user-level privileges.

Prerequisites

User must open a malicious .sce file with an affected version of STAR-CCM+ Viewer
Target user must have STAR-CCM+ Viewer installed
No special privileges or network access required—this is local on the user's workstation

Low attack complexityUser interaction required (social engineering)Local execution only—not remotely exploitableCan lead to arbitrary code executionAffects engineering/design workstations (not direct OT control, but sensitive data exposure)No active exploitation reported

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

Simcenter STAR-CCM+ Viewer<V2021.2.12021.2.1

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDo not open scene (.sce) files from untrusted or unknown sources; implement user training on social engineering and phishing risks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Simcenter STAR-CCM+ Viewer to version 2021.2.1 or later

Long-term hardening

0/1

HARDENINGSegment engineering workstation networks and limit file sharing access to trusted internal sources only

CVEs (1)

CVE-2021-25665

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3fce491e-ae5c-445a-8761-453e6f8ed142