OTPulse

Siemens Simcenter Femap

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-22-041-03 | Feb 8, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Simcenter Femap contains multiple buffer overflow and type confusion vulnerabilities (CWE-787, CWE-843, CWE-119, CWE-121) that are triggered when the application reads maliciously crafted .NEU format files. Exploitation requires user interaction to open a malicious file. Successful exploitation could result in information disclosure or remote code execution in the context of the application process.

What this means
What could happen
An attacker could trick an engineer into opening a malicious Femap file, leading to information disclosure or arbitrary code execution on the engineering workstation. This could compromise design data or allow attackers to modify simulation and analysis files before they are used in plant operations.
Who's at risk
This affects engineers and design teams who use Siemens Simcenter Femap for finite element analysis and simulation. It impacts any organization that uses Femap v2020.2 or v2021.1 for plant design, equipment modeling, or process simulation work. The primary risk is to engineering workstations and the integrity of design data used in industrial processes.
How it could be exploited
An attacker creates a malicious .NEU file and tricks a user (typically an engineer using Simcenter Femap) into opening it within the Femap application. The malformed file triggers a buffer overflow or type confusion flaw in the file parser, allowing the attacker to leak memory or execute arbitrary code with the privileges of the user running Femap.
Prerequisites
  • User must open a .NEU file in Simcenter Femap (requires social engineering or file delivery mechanism)
  • Vulnerable version of Simcenter Femap must be installed (v2020.2 or v2021.1)
  • No elevated privileges or special credentials required
Risk factors
  • User interaction required (reduces but does not eliminate risk)
  • Affects engineering workstations and design workflows
  • Potential for code execution in engineering context
  • Multiple vulnerability types (buffer overflow, type confusion)
  • No active public exploits reported
Exploitability
Moderate exploit probability (EPSS 1.4%)
Affected products (2)
2 with fix
Product                    Affected Versions    Fix Status
Simcenter Femap V2020.2    All versions         2022.1
Simcenter Femap V2021.1    All versions         2022.1
Remediation & Mitigation
Do now
  • WORKAROUND: Do not open .NEU files from untrusted sources or unknown senders
  • HARDENING: Educate engineers on the risks of opening files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Simcenter Femap to version 2022.1 or later
  • HARDENING: Restrict Femap installation and use to authorized engineering staff only
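
To support the workaround of not opening .NEU files from untrusted sources, the following added example (not part of the advisory or of any Siemens tooling) lists .NEU files on a Windows engineering workstation that still carry a Mark-of-the-Web from the Internet or Restricted zone. The search roots are assumptions. A missing mark does not prove a file is trusted, because the stream only exists on NTFS and is not preserved by every transfer path.

```powershell
# Added example: find .NEU files whose Mark-of-the-Web says they came from an
# untrusted zone. $Roots is an assumption; point it at the folders where
# engineers actually store or receive model files.
param(
    [string[]]$Roots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Documents")
)

function Get-ZoneId {
    param([string]$Path)
    # Zone.Identifier is an NTFS alternate data stream written by browsers,
    # mail clients and some archive tools when a file arrives from outside.
    $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }   # no mark: local origin, or mark lost in transit
    foreach ($line in $stream) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

$findings = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter *.neu -ErrorAction SilentlyContinue |
        ForEach-Object {
            $zone = Get-ZoneId -Path $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                ZoneId    = $zone
                Untrusted = ($zone -ge 3)   # 3 = Internet, 4 = Restricted sites
                Modified  = $_.LastWriteTime
            }
        }
}

# Report marked files, newest first, so recent deliveries are reviewed before anyone opens them.
$findings | Where-Object Untrusted | Sort-Object Modified -Descending |
    Format-Table -AutoSize Path, ZoneId, Modified
```

Files reported here should be verified with the sender before being opened in Femap, particularly on workstations still running V2020.2 or V2021.1.
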
Siemens Simcenter Femap | CVSS 7.8 - OTPulse