Simcenter Femap Users Beware of Malicious Catia Files

CVE: CVE-2024-24921
CVSS v3.1: 7.8
Source: CVE-2024-24921

A high-severity vulnerability (CVSS v3.1 score 7.8) has been discovered in Simcenter Femap, finite element analysis software from Siemens. All versions prior to V2401.0000 are affected.

An attacker can exploit this vulnerability by crafting a malicious Catia MODEL file. When the file is opened in a vulnerable version of Simcenter Femap, it can corrupt memory and allow code execution, giving the attacker control of the affected system at the privilege level of the user who opened the file.

Simcenter Femap is used for simulating and analyzing how physical components react to real-world forces, like vibration, heat, stress and motion. It works with files from CAD programs like Catia. The vulnerability occurs while parsing these Catia files.

If exploited, a remote attacker could install programs, view, change or delete data, or create new accounts with full user rights. Because the code runs with the privileges of the user, the attacker gains whatever access that user has on the compromised system.

Siemens has released an update to address this issue. Users are strongly recommended to update their installation of Simcenter Femap immediately. Until the update is installed, exercise caution when opening files from untrusted sources so that a malicious Catia file cannot exploit this vulnerability.
