Siemens Simcenter Femap

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-26-134-05 | May 12, 2026
Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Simcenter Femap versions prior to 2512.0003 are affected by a heap-based buffer overflow vulnerability in the Datakit library. The vulnerability is triggered when the application reads IPT format files. If a user opens a malicious IPT file, an attacker could execute arbitrary code with the privileges of the user running Femap.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running Femap if a user opens a malicious IPT file, potentially compromising the integrity of design models, simulations, or related systems that depend on Femap data.
Who's at risk
Engineering teams and design departments using Siemens Simcenter Femap for finite element analysis and simulation, particularly those working with IPT file formats from CAD systems. Affects workstations where engineers design or analyze mechanical components, structures, or simulations.
How it could be exploited
An attacker crafts a malicious IPT file and tricks a user into opening it in Femap. When Femap reads the file, the Datakit library processes it unsafely, triggering a heap overflow. This allows the attacker to overwrite memory and execute arbitrary code in the context of the Femap process.
Prerequisites
  • User must manually open a malicious IPT file in Femap
  • A vulnerable version of Femap must be installed and running
  • Attacker must be able to deliver the malicious file (email, file share, web download)
  • User interaction required (file open)
  • Affects engineering workstations
  • High impact if code execution achieved
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Simcenter Femap | < 2512.0003 | 2512.0003
Remediation & Mitigation
Do now
WORKAROUND: Instruct users to avoid opening IPT files from untrusted sources until patched
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Simcenter Femap to version 2512.0003 or later
Long-term hardening
HARDENING: Implement email filtering or file sharing controls to block or quarantine IPT files from external sources
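
One way to prototype the email-filtering control above, as an added example that is not part of the advisory or of any Siemens tooling: a Python check that flags attachments named .ipt, including upper-case variants and files wrapped one level deep in a ZIP. The function names and the sample message are constructed for illustration, and matching is by file name only.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = ".ipt"  # file type named in the advisory

def zip_member_names(data: bytes) -> list:
    """Names inside a ZIP payload; empty if the bytes are not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []

def find_ipt_attachments(raw_message: bytes) -> list:
    """Return (attachment name, reason) pairs that a gateway should quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        # Compare case-insensitively so "PART.IPT" is treated like "part.ipt".
        if name.lower().endswith(BLOCKED_EXT):
            hits.append((name, "ipt attachment"))
            continue
        payload = part.get_payload(decode=True) or b""
        # Inspect one level of ZIP so a simple archive wrapper is still caught.
        inner = [m for m in zip_member_names(payload) if m.lower().endswith(BLOCKED_EXT)]
        if inner:
            hits.append((name, "zip contains " + inner[0]))
    return hits

def build_sample() -> bytes:
    """Constructed message: one .IPT, one ZIP wrapping an .ipt, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("parts/housing.ipt", b"constructed placeholder")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="Bracket.IPT")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="models.zip")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return bytes(msg)
```

Nested or password-protected archives are not opened by this check, so a production gateway rule should quarantine those separately.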