Siemens Simcenter Femap

Plan PatchCVSS 7.8ICS-CERT ICSA-24-046-10Feb 13, 2024

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Simcenter Femap contains multiple file parsing vulnerabilities in Catia MODEL file format handling (CWE-787 buffer overflow, CWE-119 improper restriction of operations, CWE-125 out-of-bounds read, CWE-824 incomplete validation). Affected versions: Femap before 2401.0000, 2306.x before 2306.0001, and 2306.0000 (baseline for some CVEs). When a user opens a malicious Catia MODEL file, memory corruption occurs leading to application crash or arbitrary code execution. No public exploitation reported. Not remotely exploitable.

What this means

What could happen

If a user opens a malicious Catia MODEL file, Simcenter Femap could crash or an attacker could execute arbitrary code on the engineering workstation, potentially compromising design data or the workstation itself.

Who's at risk

Engineering teams using Simcenter Femap (a CAD/FEA preprocessor) for design and analysis work. This primarily affects design engineering workstations and CAD workstations at manufacturing facilities, utilities, and system integrators who use Siemens simulation tools.

How it could be exploited

An attacker crafts a malicious Catia MODEL file (.model format) and tricks a Simcenter Femap user into opening it via email, file sharing, or a compromised repository. The vulnerability in the file parser is triggered during file read, causing memory corruption that leads to code execution or application crash.

Prerequisites

User must open a malicious Catia MODEL file in Simcenter Femap
Simcenter Femap must be running on the workstation
User must be fooled or socially engineered to open the malicious file (no automatic exploitation)

Requires user interaction (file open)Low exploit complexityCould lead to arbitrary code executionNo authentication required to trigger the vulnerabilityAttack vector is file-based social engineering

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Simcenter Femap<V2401.00002401.0000

Simcenter Femap<V2306.00012306.0001

Simcenter Femap<V2306.00002306.0000

Remediation & Mitigation

0/5

Do now

0/2

Simcenter Femap

WORKAROUNDDo not open Catia MODEL files from untrusted sources in Simcenter Femap

All products

HARDENINGEducate users on recognizing and avoiding email-based social engineering attacks and suspicious file attachments

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Simcenter Femap

HOTFIXUpdate Simcenter Femap to version 2401.0000 or later

HOTFIXUpdate Simcenter Femap to version 2306.0001 or later (if version 2306.x is in use)

HOTFIXUpdate Simcenter Femap to version 2306.0000 (baseline fix for CVE-2024-24924 and CVE-2024-24925)

CVEs (7)

CVE-2024-24920 CVE-2024-24921 CVE-2024-24922 CVE-2024-24923 CVE-2024-24924 CVE-2024-24925 CVE-2024-27907

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c954837d-a13e-4f13-bfa5-2611865850d2

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.