Siemens Simcenter Femap

Plan Patch7.8ICS-CERT ICSA-22-104-15Apr 12, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Simcenter Femap versions before v2022.1.2 contain buffer overflow and out-of-bounds read vulnerabilities (CWE-125, CWE-787) in the parsing of .NEU file format. A user tricked into opening a malicious .NEU file could trigger information disclosure or remote code execution in the context of the Femap process. The vulnerabilities are not remotely exploitable and require user interaction. No known public exploits exist.

What this means

What could happen

An attacker could trick a user into opening a malicious .NEU file in Simcenter Femap to leak sensitive design information or execute arbitrary code on the engineering workstation with the privileges of the user running the application.

Who's at risk

Engineering and design teams using Siemens Simcenter Femap for finite element analysis and CAD design work, particularly anyone who receives or downloads .NEU model files from external sources or untrusted collaborators.

How it could be exploited

An attacker crafts a malicious .NEU (finite element model) file and tricks a user into opening it with Simcenter Femap, perhaps via email or a file-sharing site. When opened, the vulnerable code parsing the file format can be exploited to leak memory or execute code. This requires user interaction (opening the file) and affects only the local workstation.

Prerequisites

User must manually open a malicious .NEU file in Simcenter Femap
Vulnerable version of Simcenter Femap must be installed (before v2022.1.2)
User must have Simcenter Femap application access

Requires user interaction (file opening)Low complexity attackCould lead to code execution or data theftSocial engineering vector (email attachment)

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (1)

ProductAffected VersionsFix Status

Simcenter Femap<V2022.1.22022.1.2

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDo not open untrusted .NEU files or files from unknown sources in Simcenter Femap

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Simcenter Femap to version 2022.1.2 or later

Long-term hardening

0/1

HARDENINGEducate users on email phishing and social engineering to reduce likelihood of opening malicious files

CVEs (3)

CVE-2022-28661 CVE-2022-28662 CVE-2022-28663

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b54a8557-a3bc-4cdc-9711-2cfa1281646e