CVE-2021-46154

7.8HIGH

Key Information:

Vendor
Siemens
Status
Simcenter Femap V2020.2
Simcenter Femap V2021.1
Vendor
CVE Published:
9 February 2022

Summary

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304)

Affected Version(s)

Simcenter Femap V2020.2 All versions

Simcenter Femap V2021.1 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-60988...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-301/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-302/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.