Siemens Simcenter Femap

Plan Patch7.8ICS-CERT ICSA-25-079-03Mar 13, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Simcenter Femap contains a memory corruption vulnerability (CWE-119) triggered when the application reads malicious .NEU format files. If a user opens a crafted malicious file, an attacker could leak information or achieve remote code execution in the context of the user's process. This vulnerability is not remotely exploitable and requires user interaction. Affected versions are Simcenter Femap V2401 (before 2401.0003) and V2406 (before 2406.0002). Siemens has released patched versions and recommends updating to the latest versions.

What this means

What could happen

A user who opens a malicious .NEU file in Simcenter Femap could allow an attacker to leak sensitive engineering data or execute arbitrary code with the permissions of the user running the application, potentially compromising design files or sensitive process information.

Who's at risk

Engineering and design teams using Siemens Simcenter Femap for CAD/CAE work should be aware of this vulnerability. This affects any organization relying on Femap for mechanical design, finite element analysis (FEA), or simulation work, particularly those who exchange .NEU format files with external contractors or partners.

How it could be exploited

An attacker crafts a malicious .NEU file (Femap neutral format) and tricks a user into opening it in the vulnerable application through email, file sharing, or other social engineering. When opened, the memory corruption vulnerability is triggered, allowing code execution or information disclosure in the context of the user's process.

Prerequisites

User must open a malicious .NEU file in Simcenter Femap
Attacker must successfully socially engineer user to open the file
Vulnerability only affects specific Femap versions (V2401 before 0003, V2406 before 0002)

Requires user interaction (file opening)Low complexity attackNo authentication requiredCan leak sensitive design dataCan result in code execution on engineering workstation

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Simcenter Femap V2401<V2401.00032401.0003

Simcenter Femap V2406<V2406.00022406.0002

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDo not open untrusted or unfamiliar .NEU files from external sources in Femap

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Simcenter Femap V2401

HOTFIXUpdate Simcenter Femap V2401 to version 2401.0003 or later

Simcenter Femap V2406

HOTFIXUpdate Simcenter Femap V2406 to version 2406.0002 or later

Long-term hardening

0/2

HARDENINGEducate users on the risk of opening files from untrusted sources and implement file review procedures before opening design files

HARDENINGRestrict network access to engineering workstations running Femap using firewalls and network segmentation to limit exposure

CVEs (1)

CVE-2025-25175

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8613a83e-f9db-4627-9819-4a7dc93c97db