Full Report
Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in the IGS, BDF or BMP file formats. If a user is tricked into opening a malicious file with any of the affected products, the application could crash or potentially execute arbitrary code. Siemens has released a new version of Simcenter Femap and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple File Parsing Vulnerabilities in Simcenter Femap (IGS, BDF, BMP)
## CVE Details
- CVE ID: Multiple (CVE-2024-32055 through CVE-2024-32066, CVE-2024-33577, CVE-2024-33653, CVE-2024-33654)
- CVSS Score: 7.8 (CVSS v3.1 Base Score) / 7.3 (CVSS v4.0 Base Score) (HIGH)
- CWE: Includes CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow).
## Affected Systems
- Products: Simcenter Femap
- Versions: All versions prior to V2406.
- Configurations: Triggered when reading specially crafted files of formats IGS, BDF, or BMP.
## Vulnerability Description
Simcenter Femap contains multiple vulnerabilities arising from flaws in the handling of external file formats: IGS, BDF, and BMP.
Specific identified vulnerabilities include:
* **CVE-2024-32055, CVE-2024-33653, CVE-2024-33654 (BMP/IGS):** Out-of-bounds Read past the end of an allocated structure while parsing specially crafted files.
* **CVE-2024-32056 (IGS):** Out-of-bounds Write (Stack-based Buffer Overflow).
* (Note: Other CVEs listed likely involve similar memory corruption or parsing issues within the respective format handlers.)
If a user opens a malicious file of these types, it could lead to application crash (Denial of Service) or potentially allow for arbitrary code execution in the context of the current process.
## Exploitation
- Status: The available details do not report *in the wild* exploitation. The issues were disclosed through researchers (ZDI and Michael Heinzl), which implies proof-of-concept files exist; this vulnerability class commonly has demonstrable PoCs.
- Complexity: Per the CVSS vectors, Attack Vector is Local and Attack Complexity is Low for most of the CVEs (High for some); every one of them requires user interaction (User Interaction: Required).
- Attack Vector: Local (AV:L on the CVSS 3.1 vector for most CVEs), meaning the crafted file must reach the local system and the user must open it for the flaw to trigger.
## Impact
- Confidentiality: High (Potential for code execution allows reading sensitive data)
- Integrity: High (Potential for code execution allows modification of data/system state)
- Availability: High (Application crash/DoS is possible)
## Remediation
### Patches
- Update to **Simcenter Femap V2406 or a later version**.
### Workarounds
Customers should apply workarounds specific to the files they handle until patching is complete:
* **For CVE-2024-32055 through CVE-2024-32066 (IGS):** Do not open untrusted IGS files in affected applications.
* **For CVE-2024-33577 (BDF):** Do not open untrusted BDF files in the affected applications.
* **For CVE-2024-33653 and CVE-2024-33654 (BMP):** Do not open untrusted BMP files in the affected applications.
* **General:** Do not open untrusted IGS, BDF, or BMP files using Simcenter Femap.
## Detection
- **Indicators of Compromise:** Crashes of the Simcenter Femap process when it opens IGS, BDF, or BMP files that came from untrusted sources.
- **Detection methods and tools:** Monitor process activity for unexpected termination of Simcenter Femap shortly after a file-loading operation. Network monitoring is of limited value here, because the trigger is a local file being opened.
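The detection method described above, as an added example that is not part of the advisory: a script that scans endpoint telemetry for Simcenter Femap crash events and correlates each one with a process start that passed an IGS, BDF or BMP file on the command line. The log lines are constructed for this example in a simplified key=value rendering of a Sysmon process-creation record (EventID 1) and a Windows Application Error record (EventID 1000); the executable name `femap.exe`, the 60-second correlation window and the field names are assumptions, not values from the advisory.

```python
import re
from datetime import datetime, timedelta

# Assumed executable name for Simcenter Femap (not stated in the advisory).
MONITORED_EXE = "femap.exe"
# File formats the advisory names as having vulnerable parsers.
RISKY_EXTENSIONS = (".igs", ".bdf", ".bmp")
# How far back from a crash to look for the process start that loaded a file (assumed).
CORRELATION_WINDOW = timedelta(seconds=60)

# Constructed sample telemetry (not real events). Backslashes are doubled for
# the Python string literal; the parsed values contain single backslashes.
SAMPLE_LOG = """\
2024-06-12T10:13:50Z source=Sysmon EventID=1 Image="C:\\Program Files\\Siemens\\Femap\\femap.exe" CommandLine="femap.exe C:\\Users\\alice\\Projects\\bracket.bdf"
2024-06-12T10:14:02Z source=Sysmon EventID=1 Image="C:\\Program Files\\Siemens\\Femap\\femap.exe" CommandLine="femap.exe C:\\Users\\alice\\Downloads\\part.igs"
2024-06-12T10:14:05Z source=Application EventID=1000 FaultingApplication="femap.exe" FaultingModule="femap.exe" ExceptionCode=0xc0000005
2024-06-12T11:02:11Z source=Sysmon EventID=1 Image="C:\\Windows\\notepad.exe" CommandLine="notepad.exe C:\\Users\\alice\\notes.txt"
2024-06-12T11:02:13Z source=Application EventID=1000 FaultingApplication="notepad.exe" FaultingModule="ntdll.dll" ExceptionCode=0xc0000005
2024-06-12T12:30:00Z source=Application EventID=1000 FaultingApplication="femap.exe" FaultingModule="femap.exe" ExceptionCode=0xc0000374
"""

# key=value tokens; values may be double-quoted (to allow spaces) or bare.
TOKEN_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one telemetry line into a dict with a datetime 'timestamp' plus its fields."""
    ts_str, rest = line.split(" ", 1)
    fields = {"timestamp": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for m in TOKEN_RE.finditer(rest):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def risky_file_in(command_line):
    """Return the first command-line token ending in an affected extension, else None.
    Paths containing spaces would need quote-aware splitting; the sample has none."""
    for token in command_line.split():
        if token.lower().endswith(RISKY_EXTENSIONS):
            return token
    return None


def detect_parser_crashes(log_text):
    """Return one alert per crash of the monitored application, correlated where
    possible with the most recent in-window start that loaded an IGS/BDF/BMP file."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    starts = [e for e in events if e.get("EventID") == "1"]
    alerts = []
    for crash in events:
        if crash.get("EventID") != "1000":
            continue
        if crash.get("FaultingApplication", "").lower() != MONITORED_EXE:
            continue
        loaded_file = None
        for start in starts:  # events are in time order, so the last match is the newest
            if not start.get("Image", "").lower().endswith(MONITORED_EXE):
                continue
            age = crash["timestamp"] - start["timestamp"]
            if timedelta(0) <= age <= CORRELATION_WINDOW:
                path = risky_file_in(start.get("CommandLine", ""))
                if path:
                    loaded_file = path
        alerts.append({
            "time": crash["timestamp"].isoformat(),
            "exception_code": crash.get("ExceptionCode"),
            "faulting_module": crash.get("FaultingModule"),
            "file": loaded_file,
            # A crash right after loading an affected format is the advisory's IoC;
            # an uncorrelated crash is still worth a look but carries less signal.
            "severity": "high" if loaded_file else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_parser_crashes(SAMPLE_LOG):
        print(alert)
```

The correlation only sees files opened through the file association (the path appears on the command line); a file opened from inside the application through its own dialog would need file-access telemetry instead, which is why an uncorrelated Femap crash is kept as a medium-severity alert rather than dropped.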
## References
- Vendor Advisory: SSA-064222
- Siemens Security Portal: hXXps://www.siemens.com/cert/advisories
- Siemens Support Download (for patches): hXXps://support.sw.siemens.com/
- Siemens Industrial Security Guidelines: hXXps://www.siemens.com/industrialsecurity