Full Report
Simcenter Femap contains multiple file parsing vulnerabilities that can be triggered when the application reads files in the Catia MODEL file format. If a user is tricked into opening a malicious file with any of the affected products, the application could crash or, potentially, execute arbitrary code. Siemens has released a new version of Simcenter Femap and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Simcenter Femap (Catia MODEL format)
## CVE Details
- **CVE ID:** CVE-2024-24920, CVE-2024-24921, CVE-2024-24922, CVE-2024-24923, CVE-2024-24924, CVE-2024-24925, CVE-2024-27907
- **CVSS Score:** 7.8 (High, CVSS v3.1) / 7.3 (High, CVSS v4.0)
- **CWE:**
  - CWE-787: Out-of-bounds Write
  - CWE-119: Memory Corruption
  - CWE-824: Access of Uninitialized Pointer
## Affected Systems
- **Products:** Siemens Simcenter Femap
- **Versions:**
  - All versions < V2401.0000 (affected by CVE-2024-24920 through CVE-2024-24923)
  - All versions < V2306.0001 (affected by CVE-2024-24923)
  - All versions < V2306.0000 (affected by CVE-2024-24924, CVE-2024-24925, CVE-2024-27907)
- **Configurations:** Systems utilizing Simcenter Femap to parse or import Catia MODEL files.
## Vulnerability Description
The vulnerabilities exist in the file parsing engine of Simcenter Femap. When the application processes a specially crafted **Catia MODEL** file, multiple memory management errors can occur, including out-of-bounds writes, general memory corruption, and uninitialized pointer access. These flaws occur because the application fails to properly validate the input data structure within the malicious file before processing it.
## Exploitation
- **Status:** PoC Available (the CVSS temporal value "E:P" indicates proof-of-concept exploit code exists)
- **Complexity:** Medium (Requires user interaction and specific file construction)
- **Attack Vector:** Local (User must be tricked into opening a malicious file)
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution to steal data)
- **Integrity:** High (Potential for unauthorized modification of system files)
- **Availability:** High (Can lead to application crashes or total system compromise)
## Remediation
### Patches
Siemens recommends upgrading to the following versions or later:
- **Simcenter Femap V2401.0000**
- **Simcenter Femap V2306.0001**
- **Simcenter Femap V2306.0000** (Specifically for CVE-2024-24924, CVE-2024-24925, CVE-2024-27907)
### Workarounds
- **Strict File Handling:** Do not open Catia MODEL files from untrusted or unknown sources.
- **Access Control:** Restrict network access to engineering workstations and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes when opening `.model` files; unusual outbound network traffic or unauthorized process creation originating from `femap.exe`.
- **Detection Methods:** Security teams should monitor for Catia files arriving as external or unverified email attachments or web downloads, and use EDR tooling to watch for memory-corruption exploitation of engineering software.
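As an added triage example (not from the Siemens advisory or any Femap tooling), the following Python checks two of the indicators listed above against constructed EDR-style events: child processes of `femap.exe` outside an allowlist, and `femap.exe` crashes shortly after a `.model` file is opened on the same host. The event field names, the allowlist and the sample events are assumptions and should be mapped to your own telemetry.

```python
# Child images Femap is expected to launch itself (assumed allowlist; tune per site).
EXPECTED_CHILDREN = {"femap.exe", "werfault.exe", "nastran.exe"}

# Constructed sample telemetry in a generic EDR-export shape (not real events).
SAMPLE_EVENTS = [
    {"ts": 1, "host": "eng-ws-01", "type": "file_open", "image": "femap.exe",
     "path": r"C:\Users\a\Downloads\part_23.model"},
    {"ts": 2, "host": "eng-ws-01", "type": "app_crash", "image": "femap.exe", "fault": "c0000005"},
    {"ts": 3, "host": "eng-ws-02", "type": "file_open", "image": "femap.exe",
     "path": r"D:\proj\bracket.model"},
    {"ts": 4, "host": "eng-ws-02", "type": "process_create", "parent": "femap.exe",
     "image": "cmd.exe", "cmdline": "cmd /c whoami"},
    {"ts": 5, "host": "eng-ws-03", "type": "process_create", "parent": "femap.exe",
     "image": "werfault.exe", "cmdline": "WerFault.exe -u -p 4242"},
    {"ts": 6, "host": "eng-ws-03", "type": "file_open", "image": "femap.exe",
     "path": r"D:\proj\wing.fem"},
    {"ts": 7, "host": "eng-ws-03", "type": "app_crash", "image": "femap.exe", "fault": "c0000005"},
]


def unexpected_children(events, expected=EXPECTED_CHILDREN):
    """Process-creation events where femap.exe spawned an image outside the allowlist."""
    return [e for e in events
            if e["type"] == "process_create"
            and e.get("parent", "").lower() == "femap.exe"
            and e["image"].lower() not in expected]


def crashes_after_model_open(events, window=60):
    """femap.exe crashes within `window` seconds of a .model open on the same host."""
    last_model = {}  # host -> (ts, path) of the most recent .model file open
    hits = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["type"] == "file_open" and e["path"].lower().endswith(".model"):
            last_model[e["host"]] = (e["ts"], e["path"])
        elif e["type"] == "app_crash" and e["image"].lower() == "femap.exe":
            opened = last_model.get(e["host"])
            if opened and e["ts"] - opened[0] <= window:
                hits.append({"host": e["host"], "path": opened[1], "fault": e["fault"]})
    return hits


if __name__ == "__main__":
    for e in unexpected_children(SAMPLE_EVENTS):
        print(f"[child] {e['host']}: femap.exe -> {e['image']} ({e['cmdline']})")
    for h in crashes_after_model_open(SAMPLE_EVENTS):
        print(f"[crash] {h['host']}: femap.exe faulted ({h['fault']}) after opening {h['path']}")
```

A crash following a `.fem` open (host eng-ws-03) is deliberately not flagged, since the advisory ties the flaws to the Catia MODEL parser; widen the extension check if your environment imports Catia data under other names.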
## References
- **Vendor Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-000072[.]html
- **Support Portal:** hxxps[://]support[.]sw[.]siemens[.]com/
- **Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security