Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap

Plan Patch7.8SSA-133038Jun 8, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Simcenter Femap is affected by two file parsing vulnerabilities in modfem file handling. When a user opens a malicious modfem file with the affected application, the vulnerabilities could trigger a crash or potentially allow arbitrary code execution and data extraction on the host system.

What this means

What could happen

An attacker could cause Simcenter Femap to crash or execute arbitrary code if an engineer opens a malicious design file, potentially compromising the engineering workstation and any simulations or data it contains.

Who's at risk

Engineering departments and design teams using Simcenter Femap 2020.2 or 2021.1 for mechanical simulation and finite element modeling on Windows workstations are affected. This includes automotive, aerospace, industrial equipment, and manufacturing organizations that rely on Femap for product design and analysis.

How it could be exploited

An attacker creates a malicious modfem file and tricks an engineer into opening it in Simcenter Femap. The application parses the malformed file and triggers a buffer overflow or memory corruption, allowing code execution or causing the application to crash and lose work.

Prerequisites

User must open a malicious modfem file in Simcenter Femap
Attacker must be able to deliver the malicious file (via email, file share, USB, or social engineering)
Vulnerable version of Femap must be in use

Requires user interaction (opening malicious file)Low attack complexityAffects engineering workstations and design processesPatch available from vendor

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Simcenter Femap 2020.2< V2020.2.MP32020.2.MP3

Simcenter Femap 2021.1< V2021.1.MP32021.1.MP3

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGEstablish policy to avoid opening modfem files from untrusted or unknown sources

HARDENINGEducate engineering staff on risks of opening files from external sources

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Simcenter Femap 2020.2

HOTFIXUpdate Simcenter Femap 2020.2 to version 2020.2.MP3 or later

Simcenter Femap 2021.1

HOTFIXUpdate Simcenter Femap 2021.1 to version 2021.1.MP3 or later

CVEs (2)

CVE-2021-27387 CVE-2021-27399

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/414a7024-5b19-4cb6-986d-59cc91218c1b