Siemens Simcenter Femap

Plan Patch7.8ICS-CERT ICSA-24-193-04Jul 9, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Simcenter Femap contains multiple file parsing vulnerabilities in IGS, BDF, and BMP file format handlers (CWE-125, CWE-787, CWE-843, CWE-119, CWE-121). When a user opens a malicious file in one of these formats, the application may crash or execute arbitrary code.

What this means

What could happen

An attacker could trick a Femap user into opening a malicious CAD file, causing the application to crash or potentially execute arbitrary code on the engineering workstation with the user's privileges.

Who's at risk

Engineering and design teams using Siemens Simcenter Femap for CAD modeling and finite element analysis. This affects workstations running Femap versions prior to 2406, particularly where users may receive or download CAD files from untrusted sources.

How it could be exploited

An attacker crafts a malicious file in IGS, BDF, or BMP format and delivers it to a Femap user (via email, file sharing, or compromised website). When the user opens the file in Femap, the file parser is triggered, and buffer overflow or out-of-bounds read vulnerabilities in the parser allow code execution or denial of service.

Prerequisites

User must open a malicious file using Simcenter Femap
File must be in IGS, BDF, or BMP format
User interaction required (file open action)
Vulnerability is local, not remotely exploitable

User interaction required (file open)Low attack complexityHigh integrity and confidentiality impactAffects engineering workstations with potential access to design data and manufacturing instructions

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Simcenter Femap<V24062406

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDDo not open untrusted or unexpected IGS, BDF, or BMP files using Simcenter Femap

HARDENINGEducate users to verify file sources and not open unsolicited CAD files or attachments from unknown senders

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Simcenter Femap to version 2406 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate engineering workstations from untrusted networks and the internet

CVEs (15)

CVE-2024-32055 CVE-2024-32056 CVE-2024-32057 CVE-2024-32058 CVE-2024-32059 CVE-2024-32060 CVE-2024-32061 CVE-2024-32062 CVE-2024-32063 CVE-2024-32064 CVE-2024-32065 CVE-2024-32066 CVE-2024-33577 CVE-2024-33653 CVE-2024-33654

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4ccee549-7721-42c3-877a-815a14c3d382