Full Report
Simcenter Femap contains multiple memory corruption vulnerabilities that can be triggered when the application reads files in the BDF file format. If a user is tricked into opening a malicious file with any of the affected products, the application could crash or arbitrary code execution could become possible. Siemens has released a new version for Simcenter Femap V2406 and recommends updating to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Multiple Memory Corruption Vulnerabilities in Simcenter Femap
## CVE Details
- **CVE ID:** CVE-2024-41981, CVE-2024-47046
- **CVSS Score:**
  - CVSS v3.1: 7.8 (High)
  - CVSS v4.0: 7.3 (High)
- **CWE:**
  - CWE-122: Heap-based Buffer Overflow (CVE-2024-41981)
  - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-47046)
## Affected Systems
- **Products:** Siemens Simcenter Femap
- **Versions:**
  - Simcenter Femap V2306: All versions
  - Simcenter Femap V2401: All versions
  - Simcenter Femap V2406: Versions prior to the "Femap 2406 Nastran Updates"
- **Configurations:** Systems where the application is used to process or parse Nastran BDF (Bulk Data File) formats.
## Vulnerability Description
The vulnerabilities exist within the parsing logic of Simcenter Femap when handling BDF file formats.
- **CVE-2024-41981:** A heap-based buffer overflow (CWE-122) in the BDF parsing logic.
- **CVE-2024-47046:** Memory corruption caused by operations that are not properly restricted to the bounds of a memory buffer (CWE-119).
In both cases, if a specially crafted BDF file is processed by the application, it can lead to memory corruption, potentially allowing for arbitrary code execution in the context of the current process or causing the application to crash.
## Exploitation
- **Status:** Coordinated disclosure; no reports of exploitation in the wild at the time of advisory publication.
- **Complexity:** Low (CVSS 3.1) / High (CVSS 4.0)
- **Attack Vector:** Local (Requires a user to open a malicious file).
## Impact
- **Confidentiality:** High (Potential for unauthorized data access via code execution).
- **Integrity:** High (Potential for unauthorized modification of data).
- **Availability:** High (Application crash or system instability).
## Remediation
### Patches
- **Simcenter Femap V2406:** Apply the update "Femap 2406 Nastran Updates" available via the Siemens Support Center: hxxps://support[.]sw[.]siemens[.]com/downloads/PL20240416271650117/
- **Other Versions:** Siemens is currently preparing fixes for versions V2306 and V2401.
### Workarounds
- **File Hygiene:** Do not open untrusted or suspicious BDF files from unknown sources.
- **General Security:** Restrict network access to critical devices and follow Siemens' operational guidelines for industrial security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (segmentation fault / access violation), specifically when opening Nastran BDF files.
- **Detection Methods:** Enterprise endpoint detection and response (EDR) tools may identify unusual child processes spawned by, or memory anomalies in, the Femap process if code execution is attempted through it.
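As an added example (not part of the advisory), a small triage script that applies the detection idea above: it parses constructed application-error log lines and flags crashes of the Femap process whose exception code indicates memory corruption, grouped per host so analysts know where to look at recently opened BDF files. The executable name `femap.exe` and the log line layout are assumptions, not values from the advisory.

```python
import re
from collections import Counter, namedtuple

# Exception codes that point at memory corruption rather than an ordinary fault.
ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION
HEAP_CORRUPTION = 0xC0000374   # STATUS_HEAP_CORRUPTION
MEMORY_CORRUPTION_CODES = {ACCESS_VIOLATION, HEAP_CORRUPTION}

# Assumed executable name for Simcenter Femap; confirm against your own installs.
FEMAP_PROCESS = "femap.exe"

# Constructed sample lines in a simplified Application Error (Event ID 1000) style;
# these are not real telemetry from the advisory.
SAMPLE_LOG = """\
2024-10-08T09:12:01 host=eng-ws-17 event=1000 app=femap.exe exception=0xc0000005 module=femap.exe
2024-10-08T09:15:44 host=eng-ws-17 event=1000 app=femap.exe exception=0xc0000374 module=ntdll.dll
2024-10-08T10:02:10 host=eng-ws-03 event=1000 app=notepad.exe exception=0xc0000005 module=notepad.exe
2024-10-08T10:30:00 host=eng-ws-03 event=1000 app=femap.exe exception=0xe0434352 module=clr.dll
2024-10-08T11:47:22 host=eng-ws-22 event=1000 app=femap.exe exception=0xc0000005 module=femap.exe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) app=(?P<app>\S+) "
    r"exception=0x(?P<exc>[0-9a-fA-F]+) module=(?P<module>\S+)$"
)

Crash = namedtuple("Crash", "ts host app exception module")

def parse_crashes(text):
    """Turn application-error log lines into Crash records; lines that do not match are skipped."""
    crashes = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["event"] == "1000":
            crashes.append(Crash(m["ts"], m["host"], m["app"].lower(), int(m["exc"], 16), m["module"]))
    return crashes

def femap_memory_corruption_crashes(crashes):
    """Keep only Femap crashes whose exception code indicates memory corruption."""
    return [c for c in crashes if c.app == FEMAP_PROCESS and c.exception in MEMORY_CORRUPTION_CODES]

def hosts_to_triage(crashes, threshold=1):
    """Count flagged crashes per host; hosts at or above the threshold warrant a look at recently opened BDF files."""
    counts = Counter(c.host for c in femap_memory_corruption_crashes(crashes))
    return {host: n for host, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for host, n in sorted(hosts_to_triage(parse_crashes(SAMPLE_LOG)).items()):
        print(f"{host}: {n} Femap memory-corruption crash(es)")
```

Feed it real Application Error events exported in the same field order and the managed-code exception on eng-ws-03 is correctly left out, since it is not a memory-safety fault.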
## References
- **Siemens Security Advisory SSA-881356:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-881356[.]pdf
- **Siemens Industrial Security Home:** hxxps://www[.]siemens[.]com/industrialsecurity