Siemens Simcenter Nastran
Plan Patch · 7.8 · ICS-CERT ICSA-24-137-05 · May 14, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Simcenter Nastran is affected by a stack overflow vulnerability in its application binary when processing arbitrary strings as file arguments. If a user is tricked into running the affected binary with a malicious input string, an attacker could execute arbitrary code in the context of the application process. This vulnerability is exploitable only through social engineering and local execution, not remotely.
What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running Simcenter Nastran if a user can be tricked into running the application with a malicious file or input string as its argument. This could allow the attacker to steal engineering data, modify simulation models, or compromise the workstation itself.
Who's at risk
Engineering teams and design departments using Simcenter Nastran for finite element analysis and simulation on Windows workstations. This affects organizations in aerospace, automotive, mechanical engineering, and heavy equipment manufacturing that use Simcenter Nastran for structural and thermal analysis.
How it could be exploited
An attacker crafts a malicious file or input string and tricks a user (via email, social engineering, or a compromised source) into running it as an argument to Simcenter Nastran. The stack overflow in the application binary is triggered when parsing the input, allowing code execution in the application's privilege context.
Prerequisites
- User interaction required: victim must be tricked into running the application with the malicious file argument
- Local file system access or ability to deliver the malicious file to the target workstation
- Simcenter Nastran must be installed on the target workstation
- No authentication required
- User interaction required (social engineering)
- Stack overflow complexity is low
- No fix planned for versions 2306 and 2312 (end-of-life)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
1 with fix, 2 EOL
Product | Affected Versions | Fix Status
Simcenter Nastran 2406 | <V2406.90 | 2406.90
Simcenter Nastran 2306 | All versions | No fix (EOL)
Simcenter Nastran 2312 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
Simcenter Nastran 2306
WORKAROUND: For Simcenter Nastran 2306 and 2312: Train users to avoid opening suspicious files from untrusted sources and to be skeptical of unsolicited emails asking them to open attachments or files
HARDENING: For Simcenter Nastran 2306 and 2312: Implement email filtering and content inspection to reduce social engineering attack vectors
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Simcenter Nastran 2406
HOTFIX: Update Simcenter Nastran 2406 to version 2406.90 or later
Simcenter Nastran 2306
HOTFIX: Plan migration of users from Simcenter Nastran 2306 and 2312 to version 2406 or later as part of your patch management cycle
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Simcenter Nastran 2306, Simcenter Nastran 2312. Apply the following compensating controls:
HARDENING: Restrict access to engineering workstations running Simcenter Nastran to authorized personnel only
CVEs (1)