Femap Vulnerability: Out-of-Bounds Write in Catia MODEL File Parsing
CVE-2024-24920

7.8HIGH

Key Information:

Vendor: Siemens
Status: Simcenter Femap
Vendor: CVE Published:; 13 February 2024

Summary

A vulnerability exists in Siemens Simcenter Femap that allows for an out of bounds write when processing a specially crafted Catia MODEL file. This flaw, present in all versions prior to V2401.0000, could enable an attacker to execute arbitrary code within the context of the current process, potentially compromising system integrity and security. The affected application fails to adequately validate input, resulting in memory corruption scenarios that pose significant risks to users and systems utilizing the software.

Affected Version(s)

Simcenter Femap 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0000...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Feb 1, 2024