Siemens Simcenter Nastran vulnerable to memory corruption
CVE-2024-47046

7.8HIGH

Key Information:

Vendor: Siemens
Status: Simcenter Femap V2306; Simcenter Femap V2401; Simcenter Femap V2406
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-47046?

A vulnerability in Siemens Simcenter Femap products allows for memory corruption when processing carefully crafted BDF files. This flaw affects all versions of Simcenter Femap V2306, V2401, and V2406, potentially granting attackers the ability to execute malicious code within the context of the current process. Users should be aware of the risks associated with processing BDF files in the impacted versions and take appropriate measures to safeguard their systems.

Affected Version(s)

Simcenter Femap V2306 0

Simcenter Femap V2401 0

Simcenter Femap V2406 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8525...

https://cert-portal.siemens.com/productcert/html/ssa-8813...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 17, 2024