Siemens Questa and ModelSim

Plan Patch | CVSS 9 | ICS-CERT ICSA-21-350-13 | Dec 14, 2021
Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ModelSim Simulation and Questa Simulation store design data in unencrypted form on disk. An attacker with local access to a computer running these tools can read the unencrypted design intellectual property (IP) data, including hardware designs and verification logic. This vulnerability affects all versions of both products. The vulnerability is not remotely exploitable and requires local system access. Siemens recommends upgrading to the latest versions when available, though no specific patched versions are currently identified.

What this means
What could happen
An attacker with local access to a computer running ModelSim or Questa could read unencrypted design IP data, including proprietary hardware designs and verification logic used in semiconductor development.
Who's at risk
Semiconductor and hardware design teams using Siemens ModelSim or Questa for digital simulation and verification. This includes design engineers, verification teams, and any organization developing proprietary hardware designs that use these tools.
How it could be exploited
An attacker with local access (physical presence or compromised user account) can directly read unencrypted design data stored by ModelSim or Questa on the affected computer. No network access or authentication is required once on the system.
Prerequisites
  • Local access to the computer running ModelSim or Questa
  • The ability to read files on the affected system
  • Design IP data stored in unencrypted form on disk
No patch available | Affects proprietary design data | Low attack complexity | Default credentials potentially used for workstation access | All versions affected
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
2 pending, 2 EOL
Product | Affected Versions | Fix Status
ModelSim Simulation | All versions | No fix (EOL)
Questa Simulation | All versions | No fix (EOL)
ModelSim Simulation: All Versions | All versions | No fix yet
Questa Simulation: All Versions | All versions | No fix yet
Remediation & Mitigation
Do now
HARDENING: Implement access controls to limit who can log into computers running ModelSim or Questa to only those who need design IP access
HARDENING: Apply technical and procedural measures to ensure access to design IP data is granted on a need-to-know basis
WORKAROUND: Enable disk-level encryption (such as BitLocker or LUKS) on computers storing design IP data
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

ModelSim Simulation
HOTFIX: Upgrade to the latest version of ModelSim Simulation when available
Questa Simulation
HOTFIX: Upgrade to the latest version of Questa Simulation when available
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ModelSim Simulation, Questa Simulation. Apply the following compensating controls:
HARDENING: If delivering design IP to customers, establish contractual and procedural controls to minimize risk of unauthorized access