CVE-2021-46159

7.8HIGH

Key Information:

Vendor: Siemens
Status: Simcenter Femap V2020.2; Simcenter Femap V2021.1
Vendor: CVE Published:; 9 February 2022

Summary

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050)

Affected Version(s)

Simcenter Femap V2020.2 All versions

Simcenter Femap V2021.1 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-60988...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-314/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 7, 2022