OTPulse

File Parsing Vulnerabilities in Simcenter Femap before V2022.1

Plan Patch · CVSS 7.8 · SSA-609880 · Feb 8, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

Simcenter Femap versions V2020.2 and V2021.1 contain multiple file parsing vulnerabilities (CWE-787, CWE-843, CWE-119, CWE-121) triggered when reading .NEU format files. If a user opens a malicious .NEU file, an attacker could leak sensitive information or achieve remote code execution in the context of the Femap process. The vulnerabilities stem from improper memory handling during file parsing.

What this means
What could happen
An attacker could craft a malicious .NEU file that, when opened by an engineer in Simcenter Femap, could expose sensitive design data or execute arbitrary commands with the privileges of the engineering workstation user.
Who's at risk
Engineering teams using Simcenter Femap for finite element analysis and CAD-CAM design work. This affects manufacturing companies, product design firms, and large industrial organizations that use Siemens simulation and design software.
How it could be exploited
An attacker creates a malicious .NEU (Femap neutral format) file and delivers it to an engineer via email, file sharing, or a compromised project repository. When the engineer opens the file in Simcenter Femap, the file parsing vulnerabilities in the application are triggered, allowing the attacker to read files from the workstation or execute code in the Femap process context.
Prerequisites
  • User must open a malicious .NEU file with Simcenter Femap
  • Social engineering required to convince user to open untrusted file
  • User must be running vulnerable version (V2020.2 or V2021.1)
User interaction required · Low complexity exploit · File format parsing vulnerability · Could lead to code execution or data theft
Exploitability
Moderate exploit probability (EPSS 1.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Simcenter Femap V2020.2 | All versions | 2022.1
Simcenter Femap V2021.1 | All versions | 2022.1
Remediation & Mitigation
Do now
HARDENING: Implement file origin controls: block or warn users when opening .NEU files from untrusted sources such as email attachments or unverified network locations
HARDENING: Educate engineering staff not to open .NEU files from unknown or untrusted sources
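
One way to support the file origin control above is to audit .NEU files for the Windows Mark-of-the-Web before they are opened. This is an added example, not part of the advisory or any Siemens tooling; it assumes Windows workstations with NTFS volumes, and the function name `Get-NeuFileOrigin` and the Downloads folder path are illustrative.

```powershell
# Added example: list .NEU files that carry an Internet-zone Mark-of-the-Web.
# Assumptions: Windows + NTFS; function name and audited folder are illustrative.
function Get-NeuFileOrigin {
    [CmdletBinding()]
    param(
        # Folder to audit, e.g. a downloads or project drop folder.
        [Parameter(Mandatory)][string]$Path
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.neu' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $zoneId = $null
            $source = $null
            # Zone.Identifier is an NTFS alternate data stream written by browsers
            # and mail clients when they save a file from another security zone.
            $ads = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            foreach ($line in $ads) {
                if ($line -match '^ZoneId=(\d+)') {
                    $zoneId = [int]$Matches[1]
                }
                elseif (-not $source -and $line -match '^(HostUrl|ReferrerUrl)=(.+)$') {
                    $source = $Matches[2]
                }
            }
            [pscustomobject]@{
                File      = $_.FullName
                ZoneId    = $zoneId      # $null when no origin was recorded
                Source    = $source
                # ZoneId 3 = Internet, 4 = Restricted sites.
                Untrusted = ($null -ne $zoneId -and $zoneId -ge 3)
            }
        }
}

# Report files that arrived from the Internet zone so they can be reviewed
# or quarantined before anyone opens them in Femap.
Get-NeuFileOrigin -Path "$env:USERPROFILE\Downloads" |
    Where-Object Untrusted |
    Format-Table -AutoSize File, ZoneId, Source
```

A missing Zone.Identifier stream does not mean a file is trusted: files extracted from some archives or copied from non-NTFS and network locations can lose the mark, so treat this as one signal alongside the user guidance above.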
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Simcenter Femap to version 2022.1 or later