Siemens Simcenter Femap

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-079-03 | Mar 13, 2025
Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Simcenter Femap versions V2401 (before 0003) and V2406 (before 0002) contain a memory corruption vulnerability triggered when opening malicious .NEU format files. The vulnerability could allow information disclosure or remote code execution in the context of the user running the application. Siemens has released patched versions and recommends users update to V2401.0003 or V2406.0002 or later, and avoid opening untrusted NEU files.

What this means
What could happen
An attacker could trick a user into opening a malicious .NEU file in Simcenter Femap, allowing information disclosure or potential code execution on the engineering workstation. This could compromise the confidentiality and integrity of your design and simulation data.
Who's at risk
Engineering teams and simulation specialists who use Siemens Simcenter Femap (versions 2401 and 2406) for finite element analysis and design optimization on Windows workstations. This affects design and analysis workflows at utilities, manufacturers, and engineering firms.
How it could be exploited
An attacker crafts a malicious .NEU file and tricks a user (via email, removable media, or social engineering) into opening it in an affected version of Simcenter Femap. The memory corruption vulnerability is triggered when the application parses the file, allowing information leakage or arbitrary code execution in the context of the logged-in user.
Prerequisites
  • User with access to Simcenter Femap application must open the malicious file
  • Affected version of Simcenter Femap must be installed (V2401 earlier than 2401.0003, or V2406 earlier than 2406.0002)
  • User interaction required—file must be intentionally opened
memory corruption vulnerability | requires user interaction | affects design/simulation tools | low exploit complexity | high impact (confidentiality, integrity, execution)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Simcenter Femap V2401 | <V2401.0003 | 2401.0003
Simcenter Femap V2406 | <V2406.0002 | 2406.0002
Remediation & Mitigation
Do now
WORKAROUND: Do not open .NEU files from untrusted sources or external vendors until patched
HARDENING: Educate users to verify file sources and avoid opening unsolicited .NEU files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Simcenter Femap V2401
HOTFIX: Update Simcenter Femap V2401 to version 2401.0003 or later
Simcenter Femap V2406
HOTFIX: Update Simcenter Femap V2406 to version 2406.0002 or later
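
To turn the affected-version table and hotfix targets above into a patch list, the following added example (not part of the advisory or any Siemens tooling) triages a software inventory against the fixed builds. It assumes the inventory reports versions as "<train>.<maintenance pack>" with an optional "V" prefix; the hostnames and sample data are constructed.

```python
import re

# Fixed maintenance pack per release train, from the advisory's affected-products table.
FIXED = {"2401": 3, "2406": 2}

# Assumed inventory format: "2401.0003" or "V2401.0003"; a bare train ("2401")
# is treated as the base release, i.e. maintenance pack 0.
VERSION_RE = re.compile(r"^\s*V?(\d{4})(?:\.(\d{1,4}))?\s*$", re.IGNORECASE)


def classify(version):
    """Return (status, detail) for one reported Femap version string."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unparsed", "check manually"
    train, pack = m.group(1), int(m.group(2) or 0)
    if train not in FIXED:
        # The advisory only lists V2401 and V2406; make no claim about other trains.
        return "not-listed", "release train not covered by this advisory"
    if pack < FIXED[train]:
        return "affected", f"update to {train}.{FIXED[train]:04d} or later"
    return "fixed", "at or above fixed version"


def triage(inventory):
    """Map each host to its classification; inventory is (host, version) pairs."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory (illustrative hostnames and versions only).
SAMPLE = [
    ("eng-ws-01", "V2401.0002"),
    ("eng-ws-02", "2401.0003"),
    ("eng-ws-03", "2406.0001"),
    ("eng-ws-04", "V2406.0002"),
    ("eng-ws-05", "2306.0001"),
    ("eng-ws-06", "unknown"),
]

if __name__ == "__main__":
    for host, (status, detail) in triage(SAMPLE).items():
        print(f"{host:10} {status:10} {detail}")
```

Hosts reported as "unparsed" or "not-listed" need a manual check rather than being assumed safe.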