Full Report
Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked into opening a malicious file with the affected application, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: File Parsing Flaws in Simcenter Femap (STP & BMP)
## CVE Details
- **CVE ID:** CVE-2025-40762, CVE-2025-40764
- **CVSS Score:**
  - CVSS v3.1: 7.8 (High)
  - CVSS v4.0: 7.3 (High)
- **CWE:**
  - CWE-787: Out-of-bounds Write (CVE-2025-40762)
  - CWE-125: Out-of-bounds Read (CVE-2025-40764)
## Affected Systems
- **Products:** Simcenter Femap
- **Versions:**
  - Simcenter Femap V2406: All versions prior to V2406.0003
  - Simcenter Femap V2412: All versions prior to V2412.0002
- **Configurations:** Systems where users open STP or BMP files from untrusted sources.
## Vulnerability Description
Simcenter Femap is vulnerable to memory corruption issues during the parsing of specific file formats.
- **CVE-2025-40762:** An out-of-bounds write vulnerability exists when processing specially crafted **STP** files.
- **CVE-2025-40764:** An out-of-bounds read vulnerability exists when processing specially crafted **BMP** files.
In both cases, improper memory handling during file parsing allows an attacker to potentially execute arbitrary code or cause a denial-of-service (application crash) in the context of the current process.
## Exploitation
- **Status:** Not exploited in the wild (Reported via coordinated disclosure).
- **Complexity:** Low (CVSS v3.1) / High (CVSS v4.0).
- **Attack Vector:** Local (Requires a user to open a malicious file).
- **User Interaction:** Required (User must be tricked into opening a malicious file).
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **Simcenter Femap V2406:** Update to V2406.0003
- **Simcenter Femap V2412:** Update to V2412.0002
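
The affected ranges and fixed versions listed above can be checked against a software inventory. The following is an added example, not code from Siemens or from the original report; the `V<line>.<update>` string shape is assumed from how versions are written on this page, a bare release line such as `V2412` is assumed to mean update 0, and the hostnames and inventory are constructed.

```python
import re

# Fixed update number per release line, taken from the advisory text on this page.
FIXED = {"2406": 3, "2412": 2}

# Assumed version shape, modelled on "V2406.0003" as written on this page.
VERSION_RE = re.compile(r"^\s*V?(\d{4})(?:\.(\d{1,4}))?\s*$", re.IGNORECASE)


def triage(version):
    """Classify one Femap version string against the advisory's affected ranges."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unparsed"      # do not guess: flag for manual review
    line, update = m.group(1), int(m.group(2) or 0)
    if line not in FIXED:
        return "not-listed"    # release line this advisory does not mention
    return "affected" if update < FIXED[line] else "fixed"


def audit(inventory):
    """Return ({host: status}, sorted hosts that need patching or manual review)."""
    results = {host: triage(ver) for host, ver in inventory.items()}
    needs_action = sorted(
        host for host, status in results.items()
        if status in ("affected", "unparsed")
    )
    return results, needs_action


# Constructed sample inventory (illustrative hostnames and versions only).
SAMPLE = {
    "cad-ws-01": "V2406.0001",
    "cad-ws-02": "V2406.0003",
    "cad-ws-03": "V2412.0002",
    "cad-ws-04": "V2412",
    "cad-ws-05": "V2306.0002",
    "cad-ws-06": "n/a",
}

if __name__ == "__main__":
    results, needs_action = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host}: {SAMPLE[host]!r} -> {results[host]}")
    print("Needs action:", ", ".join(needs_action))
```
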
### Workarounds
- **Strict File Handling:** Do not open STP or BMP files received from untrusted or unknown sources.
- **Access Control:** Protect network access and restrict the use of the application to protected IT environments following Siemens’ operational guidelines.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (segmentation faults) when opening STP or BMP files.
- **Detection methods and tools:** Use of file integrity monitoring and endpoint detection and response (EDR) to monitor for unusual process behavior originating from the Simcenter Femap executable.
## References
- **Vendor Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-674084[.]html
- **Siemens Support:** hxxps[://]support[.]sw[.]siemens[.]com/product/275652363/
- **Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security