Full Report
Siemens Simcenter Femap versions before V2512 are affected by an uninitialized memory vulnerability that can be triggered when the application reads files in SLDPRT format. If a user is tricked into opening a malicious file with the affected application, an attacker could leverage the vulnerability to achieve remote code execution in the context of the current process. Siemens has released a new version of Simcenter Femap and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Uninitialized Memory in Siemens Simcenter Femap Leading to RCE
## CVE Details
- CVE ID: CVE-2025-40829
- CVSS Score: 7.8 (CVSS v3.1) / 7.3 (CVSS v4.0); severity rated High / Medium respectively in the source scores
- CWE: CWE-908: Use of Uninitialized Resource
## Affected Systems
- Products: Siemens Simcenter Femap
- Versions: All versions before V2512
- Configurations: Triggered when reading files in SLDPRT format.
## Vulnerability Description
The affected versions of Simcenter Femap contain an uninitialized memory vulnerability (use of an uninitialized resource) in the parser for specially crafted SLDPRT files. Successful exploitation allows an attacker to execute arbitrary code in the context of the application process, i.e. with the privileges of the user who opened the file.
A breakdown of the CVSS 3.1 vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) suggests:
* Attack Vector (AV): Local (L)
* Attack Complexity (AC): Low (L)
* Privileges Required (PR): None (N)
* User Interaction (UI): Required (R)
* Scope (S): Unchanged (U)
* Impact (C/I/A): High
## Exploitation
- Status: PoC available (inferred from the ZDI tracking reference ZDI-CAN-27146)
- Complexity: Low (based on the CVSS v3.1 vector AC:L; note that the CVSS v4.0 vector rates attack complexity as High)
- Attack Vector: Local (AV:L) combined with User Interaction Required (UI:R) means the user must open a malicious SLDPRT file, whether received directly or retrieved from a shared location.
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- Update to Siemens Simcenter Femap V2512 or a later version.
- Remediation Link: https://support.sw.siemens.com/product/275652363/
### Workarounds
- No specific workarounds are detailed in the advisory summary. Siemens recommends following its General Security Recommendations, which include limiting network access to systems running the software and handling files from untrusted sources with caution.
## Detection
- Detection depends largely on monitoring file access patterns and memory corruption events in the Simcenter Femap process when it handles SLDPRT files from untrusted sources. The indicator of interest is abnormal process behavior (a crash or unexpected child process) shortly after such a file is opened.
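The correlation described above, as an added example that is not part of the advisory: a small Python script that reads endpoint telemetry lines and flags a Simcenter Femap process that crashes or spawns a child process within a short window after opening an SLDPRT file from an untrusted location. The process image name `femap.exe`, the pipe-delimited event format, the field names and the list of untrusted directories are all assumptions for illustration; substitute whatever the local EDR or Sysmon pipeline actually records.

```python
"""Correlate Simcenter Femap SLDPRT file opens with subsequent abnormal
process behaviour (crash or unexpected child process).

Added example, not from the advisory. The image name, the event field
layout and the untrusted-directory list are hypothetical placeholders.
"""
from datetime import datetime, timedelta

# Assumed image name for Simcenter Femap (adjust to local telemetry).
FEMAP_IMAGE = "femap.exe"
# Assumed directories treated as untrusted file sources.
UNTRUSTED_DIRS = ("\\downloads\\", "\\temp\\")
# Event types considered abnormal after a file open.
ABNORMAL_EVENTS = {"process_crash", "child_process"}


def parse_line(line):
    """Parse one constructed telemetry line: ts|pid|image|event|detail."""
    ts, pid, image, event, detail = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid),
            "image": image.lower(), "event": event, "detail": detail}


def is_untrusted_sldprt(path):
    """True for a .sldprt file located under an assumed untrusted directory."""
    p = path.lower()
    return p.endswith(".sldprt") and any(d in p for d in UNTRUSTED_DIRS)


def correlate(lines, window=timedelta(seconds=120)):
    """Return (pid, file path, abnormal event, seconds after open) findings."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    findings = []
    pending = {}  # pid -> (open time, path) of the latest untrusted SLDPRT open
    for e in events:
        if e["image"] != FEMAP_IMAGE:
            continue
        if e["event"] == "file_open" and is_untrusted_sldprt(e["detail"]):
            pending[e["pid"]] = (e["ts"], e["detail"])
        elif e["event"] in ABNORMAL_EVENTS and e["pid"] in pending:
            opened, path = pending[e["pid"]]
            delta = e["ts"] - opened
            if delta <= window:
                findings.append((e["pid"], path, e["event"],
                                 int(delta.total_seconds())))
                del pending[e["pid"]]
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_LOG = [
    "2025-01-10T09:00:00|4120|FEMAP.EXE|file_open|C:\\Projects\\bracket.sldprt",
    "2025-01-10T09:05:12|4120|FEMAP.EXE|file_open|C:\\Users\\alice\\Downloads\\quote_part.sldprt",
    "2025-01-10T09:05:14|4120|FEMAP.EXE|process_crash|access violation",
    "2025-01-10T09:20:00|5300|femap.exe|file_open|C:\\Users\\bob\\Downloads\\gear.sldprt",
    "2025-01-10T09:30:00|5300|femap.exe|child_process|cmd.exe",  # outside window
    "2025-01-10T09:40:00|6010|notepad.exe|file_open|C:\\Users\\bob\\Downloads\\x.sldprt",
]

if __name__ == "__main__":
    for pid, path, event, secs in correlate(SAMPLE_LOG):
        print(f"ALERT pid={pid} file={path} event={event} after={secs}s")
```

Only the first Femap process is flagged: its crash follows the untrusted file open by two seconds, whereas the second process spawns a child ten minutes after the open, outside the 120-second window. A project file opened from a trusted path and a non-Femap process are ignored entirely. The window and directory list are tuning knobs; a file-open followed by a crash is the cheapest signal for a parser memory-safety bug, while a child process is the higher-confidence one.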
## References
- Vendor Advisory: SSA-512988 (Siemens ProductCERT)
- General Security Recommendations: https://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens Security Advisories Index: https://www.siemens.com/cert/advisories