Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Microsoft Windows Products Vulnerabilities Exploit in the Wild
February 14, 2024
Rewterz
Rewterz Threat Advisory – ICS: Multiple Siemens Tecnomatix Plant Simulation Vulnerabilities
February 14, 2024

Rewterz Threat Advisory – ICS: Multiple Siemens Simcenter Femap Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-24922 CVSS: 7.8

Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write while parsing Catia MODEL files. By persuading a victim to open a specially crafted Catia MODEL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-24923 CVSS: 7.8

Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read while parsing Catia MODEL files. By persuading a victim to open a specially crafted Catia MODEL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-24924 CVSS: 7.8

Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write while parsing Catia MODEL files. By persuading a victim to open a specially crafted Catia MODEL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-24925 CVSS: 7.8

Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an uninitialized pointer access while parsing Catia MODEL files. By persuading a victim to open a specially crafted Catia MODEL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-24921 CVSS: 7.8

Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw while parsing Catia MODEL files. By persuading a victim to open a specially crafted Catia MODEL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-24920 CVSS: 7.8

Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write while parsing Catia MODEL files. By persuading a victim to open a specially crafted Catia MODEL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution

Indicators Of Compromise

CVE

  • CVE-2024-24922
  • CVE-2024-24923
  • CVE-2024-24924
  • CVE-2024-24925
  • CVE-2024-24921
  • CVE-2024-24920

Affected Vendors

Siemens

Affected Products

  • Siemens Femap 2022.1
  • Siemens Femap 2020.1
  • Siemens Femap 2019.1
  • Siemens Femap 12
  • Siemens Femap 11.4
  • Siemens Femap 2400
  • Siemens Femap 2305

Remediation

Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.

Siemens Security Advisory