Full Report
Simcenter Nastran contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked into opening a malicious file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released a new version for Simcenter Nastran 2406 and recommends updating to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Multiple Memory Corruption Vulnerabilities in Simcenter Nastran
## CVE Details
- **CVE ID:** CVE-2024-41981, CVE-2024-47046
- **CVSS Score:** 7.8 (High) - CVSS v3.1 / 7.3 (High) - CVSS v4.0
- **CWE:** CWE-122 (Heap-based Buffer Overflow), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
## Affected Systems
- **Products:** Siemens Simcenter Nastran (Finite Element Method solver)
- **Versions:**
  - Simcenter Nastran 2306: All versions
  - Simcenter Nastran 2312: All versions
  - Simcenter Nastran 2406: All versions prior to V2406.5000
- **Configurations:** Systems utilizing the application to process BDF (Bulk Data File) formats.
## Vulnerability Description
Simcenter Nastran is subject to multiple memory corruption flaws, including a heap-based buffer overflow. The vulnerabilities exist within the file parsing engine responsible for processing BDF files. When a specially crafted, malicious BDF file is read by the application, it can lead to an out-of-bounds memory access or a buffer overflow. Specifically, CVE-2024-41981 involves a heap overflow, while CVE-2024-47046 involves general memory corruption due to improper restriction of operations within memory buffer bounds.
## Exploitation
- **Status:** Not reported as exploited in the wild; no public PoC currently cited in advisory.
- **Complexity:** Low (CVSS 3.1) / High (CVSS 4.0 - identifies the requirement for specific user interaction).
- **Attack Vector:** Local (Requires a user to open a malicious file locally; the attack cannot be launched directly over the network without user interaction).
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution to steal data)
- **Integrity:** High (Potential for unauthorized modification of data/system)
- **Availability:** High (Can lead to application crashes and denial of service)
## Remediation
### Patches
- **Simcenter Nastran 2406:** Update to version **V2406.5000** or later.
- **Simcenter Nastran 2306 & 2312:** No fix is currently available. Siemens is preparing further fix versions.
### Workarounds
- **File Validation:** Do not open BDF files received from untrusted or unknown sources.
- **General Hardening:** Protect network access to devices and operate within a protected IT environment following Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes when opening BDF files; unusual process behavior in the context of the Simcenter Nastran solver.
- **Detection methods and tools:** Monitor system logs for memory access violations associated with the Nastran executable. Use sandbox environments to inspect BDF files from external sources before production use.
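
The log monitoring described above, as an added example that is not part of the Siemens advisory: it scans Linux kernel log lines for segfaults in a solver process and decodes the x86 page-fault error code into read, write or exec, which helps separate a stray read from an invalid write or a hijacked instruction pointer. The process-name pattern `nastran`, the Linux host and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: the solver's process name is site-specific; "nastran" is a
# placeholder pattern, not a name taken from the advisory.
SOLVER_NAME = re.compile(r"nastran", re.IGNORECASE)

# Linux x86 kernel log format for a user-space page fault:
#   prog[pid]: segfault at <addr> ip <ip> sp <sp> error <hex> in obj[base+size]
SEGFAULT = re.compile(
    r"(?P<proc>[^\s\[\]]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[)?"
)

def access_type(err):
    """Decode the x86 page-fault error code bits reported by the kernel."""
    if err & 0x10:                 # bit 4: fault on instruction fetch
        return "exec"
    return "write" if err & 0x2 else "read"   # bit 1: write access

def find_solver_faults(lines):
    """Return one record per memory access violation in a solver process."""
    hits = []
    for line in lines:
        m = SEGFAULT.search(line)
        if not m or not SOLVER_NAME.search(m["proc"]):
            continue
        hits.append({
            "pid": int(m["pid"]),
            "fault_addr": int(m["addr"], 16),
            "ip": int(m["ip"], 16),
            "access": access_type(int(m["err"], 16)),
            "object": m["obj"],    # None when ip is outside any mapping
        })
    return hits

# Constructed sample lines (not real telemetry).
SAMPLE = [
    "Oct 10 09:14:02 cae01 kernel: nastran64[20417]: segfault at 7f3a10000ff8 ip 00007f3a2c41b2d3 sp 00007ffd5e0a9b10 error 6 in nastran64[7f3a2c000000+900000]",
    "Oct 10 09:15:40 cae01 kernel: gnome-shell[1811]: segfault at 18 ip 00007f11aa0c1e44 sp 00007ffc1d2e3a40 error 4 in libmutter.so[7f11aa000000+1a0000]",
    "Oct 10 09:31:55 cae01 kernel: nastran64[20988]: segfault at 0 ip 0000000000000000 sp 00007ffe0b7712c8 error 14",
    "Oct 10 09:32:10 cae01 sshd[2210]: Accepted publickey for cae from 10.0.0.5",
]

if __name__ == "__main__":
    for hit in find_solver_faults(SAMPLE):
        print(hit)
```

Records with `access` of `write` or `exec` are the ones to correlate first with the BDF file the user had just opened.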
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-852501[.]html
- **Support Portal:** hxxps://support[.]sw[.]siemens[.]com/
- **Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security