Out of Bounds Read Vulnerability in Simcenter Femap by Siemens
CVE-2024-33653

7.8HIGH

Key Information:

Vendor: Siemens
Status: Simcenter Femap
Vendor: CVE Published:; 9 July 2024

Summary

A vulnerability exists in all versions of Simcenter Femap prior to V2406, involving an out of bounds read occurring during the parsing of specially crafted BMP files. This flaw allows attackers to manipulate BMP file inputs to read past the allocated memory buffer. If successfully exploited, this may result in the execution of arbitrary code in the context of the application process, potentially compromising system security and stability. Users are strongly encouraged to review the implications of this vulnerability and consider applying available updates or mitigations.

References

https://cert-portal.siemens.com/productcert/html/ssa-0642...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024