Siemens Simcenter Femap
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Siemens Simcenter Femap.
By the Year
In 2026 there have been 6 vulnerabilities in Siemens Simcenter Femap with an average score of 7.8 out of ten. Last year, in 2025 Simcenter Femap had 6 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Simcenter Femap in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.02.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 7.80 |
| 2025 | 6 | 7.78 |
| 2024 | 21 | 7.80 |
| 2023 | 2 | 7.80 |
| 2022 | 40 | 7.79 |
| 2021 | 3 | 6.30 |
It may take a day or so for new Simcenter Femap vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Siemens Simcenter Femap Security Vulnerabilities
OOB Read in Simcenter Femap/Nastran NDB Parser Enables Code Exec
CVE-2026-23720
7.8 - High
- February 10, 2026
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Heap Bf Overflow in Simcenter Femap/Nastran NDB Parser (CVE-2026-23719)
CVE-2026-23719
7.8 - High
- February 10, 2026
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
Heap-based Buffer Overflow
Simcenter Femap/Nastran OOB Read in NDB Parsing Enables Code Execution
CVE-2026-23718
7.8 - High
- February 10, 2026
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap/Nastran OOB Read via XDB Parsing Enables Code Exec
CVE-2026-23717
7.8 - High
- February 10, 2026
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap/Nastran OOB Read in XDB Parsing Enables Code Exec
CVE-2026-23716
7.8 - High
- February 10, 2026
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap/Nastran OOB write in XDB parsing
CVE-2026-23715
7.8 - High
- February 10, 2026
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
Memory Corruption
Simcenter Femap Uninitialized Memory via SLDPRT (CVE-2025-40829)
CVE-2025-40829
7.8 - High
- December 12, 2025
A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)
Use of Uninitialized Resource
SALT SDK TLS Cert Validation Bypass in COMOS, NX, Simcenter, Tecnomatix
CVE-2025-40801
8.1 - High
- December 09, 2025
A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions < V2506.0001), Simcenter System Architect (All versions < V2506.0001), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.
Improper Certificate Validation
TLS cert validation flaw in Siemens IAM client COMOS V10.6, NX V2412
CVE-2025-40800
7.4 - High
- December 09, 2025
A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.
Improper Certificate Validation
OOB Read RCE in Simcenter Femap < V2406.0003 / < V2412.0002
CVE-2025-40764
7.8 - High
- August 12, 2025
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap V2406/V2412 OOB Write via STP Parse
CVE-2025-40762
7.8 - High
- August 12, 2025
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692)
Memory Corruption
Memory Corruption in Simcenter Femap NEU Parsing pre-2401.0003 & 2406.0002
CVE-2025-25175
7.8 - High
- March 13, 2025
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)
Buffer Overflow
Simcenter Femap Memory Corruption in BDF Parsing (CVE202447046)
CVE-2024-47046
- October 08, 2024
A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.
Buffer Overflow
Heap BOV in Simcenter Femap during BDF parsing
CVE-2024-41981
- October 08, 2024
A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.
Heap-based Buffer Overflow
OOB Read in Simcenter Femap via BMP <V2406
CVE-2024-33654
7.8 - High
- July 09, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap BMP OOB Read Enables Code Execution
CVE-2024-33653
7.8 - High
- July 09, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap OOB Write via Crafted IGS File
CVE-2024-32056
7.8 - High
- July 09, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process.
Memory Corruption
Simcenter Femap Stack Overflow RCE (CVE-2024-33577)
CVE-2024-33577
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process.
Stack Overflow
Simcenter Femap OOB Read in IGS file allows RCE
CVE-2024-32066
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)
Out-of-bounds Read
Simcenter Femap OOB Read via crafted IGS file
CVE-2024-32065
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)
Out-of-bounds Read
Simcenter Femap OOB Read in IGS Files (CVE-2024-32064)
CVE-2024-32064
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)
Simcenter Femap Type Confusion in IGS Parsing Enables Arbitrary Code Exec
CVE-2024-32063
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)
Object Type Confusion
Simcenter Femap OOB Read in IGS Parser Enables Code Exec
CVE-2024-32060
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)
Out-of-bounds Read
Simcenter Femap: IGS File Parsing Memory Corruption
CVE-2024-32058
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)
Buffer Overflow
Simcenter Femap OOB Read via crafted IGS file
CVE-2024-32055
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
Simcenter Femap IGS Type Confusion CVE-2024-32057
CVE-2024-32057
- May 14, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)
Object Type Confusion
Simcenter Femap OOB Write < V2306.0000
CVE-2024-27907
- March 12, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)
Memory Corruption
Simcenter Femap <V2401.0000 OOB write in Catia MODEL, RCE risk
CVE-2024-24922
7.8 - High
- February 13, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715)
Memory Corruption
Simcenter Femap V<2306 Uninitialized Pointer in Catia MODEL Parsing
CVE-2024-24925
7.8 - High
- February 13, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)
Access of Uninitialized Pointer
Simcenter Femap OOB Write < V2306.0000 via Catia MODEL
CVE-2024-24924
7.8 - High
- February 13, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059)
Memory Corruption
Simcenter Femap <=V2401 OOB read in Catia MODEL parser
CVE-2024-24923
7.8 - High
- February 13, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)
Simcenter Femap <V2401.0000 memory corruption parsing Catia MODEL files (exec)
CVE-2024-24921
7.8 - High
- February 13, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)
Memory Corruption
Simcenter Femap < V2401.0 OOB Write via Catia MODEL Parsing
CVE-2024-24920
7.8 - High
- February 13, 2024
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)
Memory Corruption
OOB Write in Parasolid <V36.0.142 & Simcenter Femap <V2306.0001 Code Exec
CVE-2023-41032
7.8 - High
- September 12, 2023
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)
Memory Corruption
Parasolid V35-36 X_T File OOB Write Vulnerability
CVE-2023-41033
7.8 - High
- September 12, 2023
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)
Memory Corruption
Simcenter Femap V2022.1/2022.2 JTTK Uninitialized Pointer CVE-2022-41851
CVE-2022-41851
7.8 - High
- October 11, 2022
A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)
Access of Uninitialized Pointer
Out-of-Bounds Write in Parasolid X_T Parser <v35.0.161 (Femap <2022.2.2)
CVE-2022-39138
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17284)
Memory Corruption
Parasolid V33V35: OOB Read in X_T Parser (pre262/252/242/161)
CVE-2022-39137
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17276)
Out-of-bounds Read
Parasolid <=33.1.262 & <=34.0.252 X_T OOB Write Code Exec
CVE-2022-39139
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17289)
Memory Corruption
Parasolid & Simcenter Femap BOW in X_T (<V33.1.262)
CVE-2022-39148
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17513)
Memory Corruption
Parasolid V33/34/35 & Simcenter Femap V2022.1-2022.2 OOB Read in X_T Parser
CVE-2022-39156
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)
Out-of-bounds Read
Parasolid V33.1 OOB Write in X_T File Before V33.1.262
CVE-2022-39155
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18192)
Memory Corruption
OOB Write in Parasolid <= V35.0.163 / Simcenter Femap < V2022.2.2
CVE-2022-39154
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18188)
Memory Corruption
Parasolid & Simcenter Femap X_T buffer overflow <33.1.262 (code exec)
CVE-2022-39153
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18187)
Out-of-bounds Read
Out-of-Bounds Write Vulnerability in Parasolid & Simcenter Femap (<2022.1.3)
CVE-2022-39152
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17740)
Memory Corruption
Parasolid <V33.1.262, <V34.0.252 OOB Write in X_T Parser
CVE-2022-39151
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736)
Memory Corruption
Parasolid/Simcenter Femap OOB Write <V33.1.262 Allowing Code Exec
CVE-2022-39150
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17735)
Memory Corruption
Parasolid & Simcenter Femap V33/34/35 OOB via X_T Code Exec
CVE-2022-39149
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17733)
Memory Corruption
Parasolid & Simcenter Femap X_T Pointer Access Vulnerability CVE-2022-39147
CVE-2022-39147
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)
Access of Uninitialized Pointer
Parasolid/Simcenter Femap X_T File Uninit Ptr Code Exec v.2022
CVE-2022-39146
7.8 - High
- September 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17502)
Access of Uninitialized Pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Siemens Simcenter Femap or by Siemens? Click the Watch button to subscribe.
