OTPulse

Remote Code Execution Vulnerability in Simcenter Amesim before V2021.1

Act Now | 9.8 | SSA-386812 | Oct 10, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Simcenter Amesim contains a vulnerable SOAP endpoint that allows an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.

What this means
What could happen
An attacker could execute arbitrary code on systems running vulnerable versions of Simcenter Amesim, potentially compromising engineering workstations and gaining access to simulation models and control system design data.
Who's at risk
Engineering teams and control system designers using Simcenter Amesim for simulation and modeling on workstations connected to corporate networks. This affects utilities and manufacturers that rely on Amesim for designing and validating process control logic before deployment to PLCs and DCS systems.
How it could be exploited
An attacker sends a specially crafted request to the unprotected SOAP endpoint exposed by Simcenter Amesim over the network. The SOAP service processes the request without authentication and performs insecure DLL loading, allowing the attacker to inject and execute a malicious DLL with the privileges of the Amesim process.
Prerequisites
  • Network access to the Simcenter Amesim SOAP endpoint (typically port 8080 or similar HTTP service port)
  • Vulnerable version of Simcenter Amesim is installed and the SOAP service is running and reachable
  • No authentication required
remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), affects engineering workstations
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Simcenter Amesim | <V2021.1 | 2021.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Simcenter Amesim SOAP endpoints using firewall rules or host-based filters; limit to trusted engineering workstations only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Simcenter Amesim to version 2021.1 or later
Long-term hardening
HARDENING: Segment engineering workstations running Simcenter Amesim from production control networks using a DMZ or separate VLAN
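
One way to apply the "Do now" workaround on a Windows workstation with the built-in firewall cmdlets. This is an added example, not code from Siemens or from this advisory page; the port value, the trusted addresses and the rule name are assumptions to replace with your own.

```powershell
# Added example: the three values below are assumptions, not values from the advisory.
$SoapPort     = 8080                          # page says "typically port 8080 or similar"; confirm locally
$TrustedHosts = @('192.0.2.10', '192.0.2.11') # constructed documentation addresses
$RuleName     = 'Amesim SOAP - trusted engineering hosts only'  # hypothetical rule name

# 1. Confirm which process is listening on the port and on which local address.
Get-NetTCPConnection -State Listen -LocalPort $SoapPort -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Process      = $proc.ProcessName
            Path         = $proc.Path
        }
    } | Format-Table -AutoSize

# 2. Show the default inbound action per profile. In Windows Firewall a block rule
#    overrides any allow rule, so the restriction is built from default-block plus
#    one narrowly scoped allow rule rather than from an explicit block rule.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# 3. List enabled inbound allow rules that already expose the port to any remote
#    address (port ranges such as 8000-8100 are not matched by this simple check).
$broad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        ($pf.Protocol -in 'TCP', 'Any') -and
        (($pf.LocalPort -contains "$SoapPort") -or ($pf.LocalPort -contains 'Any')) -and
        ($af.RemoteAddress -contains 'Any')
    }
$broad | Select-Object DisplayName, Profile | Format-Table -AutoSize

# 4. Add the scoped allow rule once; only the listed hosts may reach the port.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $SoapPort -RemoteAddress $TrustedHosts | Out-Null
}

# 5. Show the remote addresses the new rule actually permits.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Run it from an elevated session. The scoped rule only restricts access once the broad rules listed in step 3 have been reviewed and disabled or narrowed, since any remaining allow rule still admits other hosts.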