CVE-2021-37176

3.3LOW

Key Information:

Vendor: Siemens
Status: Simcenter Femap V2020.2; Simcenter Femap V2021.1
Vendor: CVE Published:; 14 September 2021

Summary

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260)

Affected Version(s)

Simcenter Femap V2020.2 All versions

Simcenter Femap V2021.1 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-99773...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-1073/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
Jul 21, 2021