Siemens Simcenter Femap

Plan Patch7.8ICS-CERT ICSA-22-069-10Feb 17, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Simcenter Femap versions before 2022.1.1 contain buffer overflow vulnerabilities (CWE-787, CWE-121) triggered when the application reads malicious .NEU or .BDF format files. An attacker could exploit these to leak sensitive information or achieve remote code execution in the application context if a user opens a malicious file.

What this means

What could happen

If an engineer opens a malicious Femap project file, an attacker could steal sensitive engineering data or execute code with the privileges of the engineering workstation, potentially compromising design files and the integrity of models used in manufacturing or engineering processes.

Who's at risk

Engineering and design teams using Siemens Simcenter Femap for finite element analysis and CAD modeling. Affects manufacturing organizations, automotive suppliers, aerospace contractors, and any facility performing structural or thermal simulation work that relies on Femap for engineering design validation.

How it could be exploited

An attacker crafts a malicious .NEU or .BDF file and tricks a user into opening it in Femap. When the application parses the file, the buffer overflow is triggered, allowing code execution or information disclosure in the context of the Femap process running on that user's machine.

Prerequisites

User must open a malicious .NEU or .BDF file
Femap application must be installed and capable of opening the file
User interaction required (social engineering to open untrusted file)

No authentication required to exploitLow attack complexityUser interaction required (social engineering)Can result in code execution on engineering workstationsNo public exploits currently known

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (1)

ProductAffected VersionsFix Status

Simcenter Femap<V2022.1.12022.1.1

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDTrain users not to open .NEU or .BDF files from untrusted or unknown sources

WORKAROUNDDisable file type associations or preview handlers for .NEU and .BDF files if not actively used

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siemens Simcenter Femap to version 2022.1.1 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to restrict engineering workstations from receiving unsolicited files via email or external sources

CVEs (2)

CVE-2021-46162 CVE-2021-46699

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/754f982c-fc31-4bac-8f27-485a8361b45b