Simcenter Femap Users Beware of Malicious Catia Files

CVECVE-2024-24925
CVSScvssV3_1: 7.8
SourceCVE-2024-24925

A vulnerability has been discovered in Simcenter Femap, a finite element analysis software by Siemens. According to reports, versions prior to V2306.0000 of Simcenter Femap are vulnerable to code execution attacks when opening specially crafted Catia MODEL files.

Hackers can potentially exploit this issue by creating malicious Catia files that, when opened in a vulnerable version of Simcenter Femap, could allow arbitrary code to run with the privileges of the user opening the file. This puts users’ systems and data at risk if opened inadvertently.

Catia is a 3D CAD software used for mechanical design. The vulnerability arises from Simcenter Femap’s inability to properly sanitize inputs when parsing Catia model files. Hackers can abuse this to include malicious code within the file format that gets executed upon opening in Simcenter Femap.

If you use Simcenter Femap, you should immediately update to the latest version V2306.0000 or higher released by Siemens to patch this security flaw. In the interim, exercise caution opening any Catia files from untrusted sources to avoid potential attacks targeting this vulnerability. Always verify file integrity and origins to reduce risks to your systems.

References