Multiple File Parsing Vulnerabilities in Simcenter Femap

Plan Patch7.8SSA-000072Feb 13, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Simcenter Femap contains multiple file parsing vulnerabilities (CWE-787, CWE-119, CWE-125, CWE-824) triggered when the application reads files in CATIA MODEL file formats. Opening a malicious file could cause the application to crash or potentially allow arbitrary code execution.

What this means

What could happen

An engineer tricked into opening a malicious CATIA model file could allow an attacker to crash Femap or execute arbitrary code on the engineering workstation, potentially compromising the design and simulation environment or accessing sensitive engineering data.

Who's at risk

Engineering teams using Simcenter Femap for finite element analysis and design simulation should prioritize this update. This affects design and simulation workstations in manufacturing, automotive, aerospace, and infrastructure sectors where engineers use Femap for model development and analysis.

How it could be exploited

An attacker crafts a malicious CATIA MODEL file and tricks an engineer into opening it in Simcenter Femap. When Femap parses the file, a buffer overflow or out-of-bounds read vulnerability is triggered, causing a crash or allowing code execution with the privileges of the user running Femap.

Prerequisites

User must open a malicious CATIA MODEL file in Simcenter Femap
Social engineering or file distribution to target engineers using affected versions

requires user interaction (file open)affects engineering workstationscode execution potentiallow EPSS score but proof-of-concept available

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Simcenter Femap<V2401.00002401.0000

Simcenter Femap<V2306.00012306.0001

Simcenter Femap<V2306.00002306.0000

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGEducate engineers on risks of opening CAD files from untrusted sources and verify file origin before opening

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Simcenter Femap

HOTFIXUpdate Simcenter Femap to version 2401.0000 or later (latest recommended version)

HOTFIXUpdate Simcenter Femap to version 2306.0001 or later if on 2306.x branch

All products

HARDENINGRestrict file sharing and CAD model distribution to trusted internal channels with verification controls

CVEs (7)

CVE-2024-24920 CVE-2024-24921 CVE-2024-24922 CVE-2024-24923 CVE-2024-24924 CVE-2024-24925 CVE-2024-27907

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fa70baf7-c1f1-4dbd-8bfa-871bb4de32eb