Siemens Questa and ModelSim

Plan Patch9ICS-CERT ICSA-21-350-13Dec 16, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ModelSim Simulation and Questa Simulation store design data in unencrypted form on disk. An attacker with local access to a computer running these tools can read the unencrypted design intellectual property (IP) data, including hardware designs and verification logic. This vulnerability affects all versions of both products. The vulnerability is not remotely exploitable and requires local system access. Siemens recommends upgrading to the latest versions when available, though no specific patched versions are currently identified.

What this means

What could happen

An attacker with local access to a computer running ModelSim or Questa could read unencrypted design IP data, including proprietary hardware designs and verification logic used in semiconductor development.

Who's at risk

Semiconductor and hardware design teams using Siemens ModelSim or Questa for digital simulation and verification. This includes design engineers, verification teams, and any organization developing proprietary hardware designs that use these tools.

How it could be exploited

An attacker with local access (physical presence or compromised user account) can directly read unencrypted design data stored by ModelSim or Questa on the affected computer. No network access or authentication is required once on the system.

Prerequisites

Local access to the computer running ModelSim or Questa
The ability to read files on the affected system
Design IP data stored in unencrypted form on disk

No patch availableAffects proprietary design dataLow attack complexityDefault credentials potentially used for workstation accessAll versions affected

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 pending

ProductAffected VersionsFix Status

ModelSim Simulation: All VersionsAll versionsNo fix yet

Questa Simulation: All VersionsAll versionsNo fix yet

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGImplement access controls to limit who can log into computers running ModelSim or Questa to only those who need design IP access

HARDENINGApply technical and procedural measures to ensure access to design IP data is granted on a need-to-know basis

WORKAROUNDEnable disk-level encryption (such as BitLocker or LUKS) on computers storing design IP data

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade to the latest version of ModelSim Simulation when available

HOTFIXUpgrade to the latest version of Questa Simulation when available

Long-term hardening

0/1

HARDENINGIf delivering design IP to customers, establish contractual and procedural controls to minimize risk of unauthorized access

CVEs (1)

CVE-2021-42023

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ccf64292-1915-4260-9019-c12a6a1f52c9