OTPulse

Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim

Plan Patch · 9 · SSA-400332 · Dec 14, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Weaknesses in the IEEE 1735 recommended practice for Design IP encryption could allow a sophisticated attacker with local access to decrypt and extract proprietary design information from Questa and ModelSim simulation tools. The vulnerability exists in the encryption standard implementation itself, not just these Siemens products. Siemens is preparing updates and recommends security countermeasures while fixes are developed.

What this means
What could happen
An attacker with physical or local access to systems running Questa or ModelSim could decrypt and extract proprietary design IP that was intended to be protected by IEEE 1735 encryption. This affects intellectual property confidentiality rather than operational safety or system availability.
Who's at risk
Primarily semiconductor design, electronic design automation (EDA) teams, and manufacturers who use Siemens Questa or ModelSim simulators to develop or verify integrated circuits and programmable logic designs. Any organization protecting proprietary hardware designs through IEEE 1735 encrypted containers is affected.
How it could be exploited
An attacker would need to obtain encrypted Design IP files (VHD, Verilog, or encrypted container formats) from a system running Questa or ModelSim, then exploit weaknesses in the IEEE 1735 encryption standard implementation to decrypt and read the proprietary design information without authorization.
Prerequisites
  • Local or physical access to systems running affected simulators
  • Access to encrypted Design IP files (.vhd, .v, or IEEE 1735 containers)
  • Understanding of the IEEE 1735 encryption weakness (requires sophistication)
  • no patch available
  • high CVSS score (9.0)
  • affects intellectual property confidentiality
  • requires local or physical access (reduces remote exploit risk)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
ModelSim Simulation | All versions | No fix (EOL)
Questa Simulation | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local and physical access to engineering workstations running Questa and ModelSim through access controls and log monitoring
HARDENING: Implement file-level access controls and audit logging on directories containing encrypted Design IP files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Monitor Siemens security advisories for updated releases of Questa and ModelSim and apply them when available
Long-term hardening
WORKAROUND: Consider alternative IP protection mechanisms beyond IEEE 1735 encryption until patches are available
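
One way to check the file-level access control item above, as an added example (not part of the Siemens advisory or any Siemens tooling): the script walks a design directory, identifies files carrying an IEEE 1735 protection envelope, and reports which of them are readable or writable beyond the owning account. It assumes POSIX permission bits; the .sv and .vhdl extensions, the function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# IEEE 1735 envelopes start with `pragma protect (Verilog) or `protect (VHDL).
ENVELOPE = re.compile(rb"^\s*`(?:pragma\s+)?protect\s+begin_protected\b", re.M)
# .v and .vhd are named in the advisory; .sv and .vhdl are assumed extras.
HDL_EXT = {".v", ".vhd", ".sv", ".vhdl"}
LOOSE = {stat.S_IRGRP: "group-readable", stat.S_IWGRP: "group-writable",
         stat.S_IROTH: "world-readable", stat.S_IWOTH: "world-writable"}


def audit(root, probe=1 << 16):
    """Map each IEEE 1735 protected file under root to its permission issues."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in HDL_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if not ENVELOPE.search(fh.read(probe)):
                        continue  # plaintext HDL, out of scope for this check
                mode = os.stat(path).st_mode
            except OSError:
                continue  # not readable by the auditing account; skip it
            rel = os.path.relpath(path, root)
            report[rel] = [label for bit, label in LOOSE.items() if mode & bit]
    return report


def demo():
    """Build a constructed sample tree (not real design IP) and audit it."""
    env_v = b"`pragma protect begin_protected\n`pragma protect end_protected\n"
    env_vhd = b"`protect begin_protected\n`protect end_protected\n"
    samples = {"core/aes.v": (env_v, 0o644), "core/fifo.vhd": (env_vhd, 0o600),
               "tb/top.v": (b"module top; endmodule\n", 0o644)}
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mode) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(root)


if __name__ == "__main__":
    for path, issues in sorted(demo().items()):
        print(path, ", ".join(issues) or "owner-only")
```

An empty issue list means the protected file is restricted to its owner; audit logging on the same directories has to be configured separately in the operating system.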