Siemens Simcenter Femap before V2023.1

Plan PatchCVSS 7.8ICS-CERT ICSA-23-047-06Nov 8, 2022

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Simcenter Femap before version 2023.1 is affected by out-of-bounds read and write vulnerabilities (CWE-125, CWE-787) triggered when the application processes X_T format files. If a user opens a malicious X_T file, an attacker can execute arbitrary code in the process context. Siemens has released version 2023.1 with fixes. Exploitation requires social engineering to convince a user to open a crafted file and is not remotely exploitable.

What this means

What could happen

An attacker could execute code with the privileges of the user running Simcenter Femap if a user opens a specially crafted X_T file, potentially compromising engineering workstations and design data used in system modeling and analysis.

Who's at risk

Engineering and design teams using Simcenter Femap (a finite element analysis and modeling tool) for mechanical design, simulation, and analysis work. This affects organizations in automotive, aerospace, manufacturing, and utilities that rely on CAD/simulation workflows.

How it could be exploited

An attacker crafts a malicious X_T (Parasolid) file and tricks a user into opening it in Simcenter Femap through social engineering (email attachment, shared file, etc.). When opened, the out-of-bounds read/write vulnerability is triggered, allowing code execution in the application's context on the engineer's workstation.

Prerequisites

User with Simcenter Femap installed (typically engineering or analysis staff)
User must be convinced to open a malicious X_T file
Simcenter Femap version before 2023.1 must be installed

Local execution only (not remotely exploitable)Requires user interaction to open malicious fileSocial engineering / phishing attack vectorCan affect engineering design integrity and IP theft

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

Parasolid V34.0< V34.0.25234.0.252

Parasolid V34.0≥ V34.0.252 < V34.0.25434.0.254

Parasolid V34.1< V34.1.24234.1.242

Parasolid V34.1≥ V34.1.242 < V34.1.24434.1.244

Parasolid V35.0< V35.0.17035.0.170

Parasolid V35.0≥ V35.0.170 < V35.0.18435.0.184

Simcenter Femap<V2023.12023.1

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDInstruct users to avoid opening X_T files from untrusted sources and verify file origin before opening

HARDENINGImplement email filtering and attachment policies to block or flag X_T files from external sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

Simcenter Femap

HOTFIXUpdate Simcenter Femap to version 2023.1 or later

Long-term hardening

0/1

HARDENINGSegment engineering workstations from business network and restrict file sharing from untrusted sources

CVEs (2)

CVE-2022-39157 CVE-2022-43397

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a194f3c8-bb72-4392-8a3e-75194e70af04

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.