Siemens Simcenter Nastran vulnerable to memory corruption

CVE-2024-47046

7.8HIGH

Key Information

Vendor: Siemens
Status: Simcenter Femap V2306; Simcenter Femap V2401; Simcenter Femap V2406
Vendor: CVE Published:; 8 October 2024

Summary

A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

Affected Version(s)

Simcenter Femap V2306 < 0

Simcenter Femap V2401 < 0

Simcenter Femap V2406 < 0

Refferences

https://cert-portal.siemens.com/productcert/html/ssa-8525...

https://cert-portal.siemens.com/productcert/html/ssa-8813...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 17, 2024

Collectors

NVD DatabaseMitre Database