VDB
ICSA-21-257-04
ICSA-21-257-04
PUBLISHED
CVSS 3.299999952316284 LOW
Siemens Simcenter Femap is affected by a vulnerability that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage this vulnerability to leak information in the context of the current process. Siemens recommends to update to the latest version line of Simcenter Femap (2021.2), which is not affected by this type of vulnerabilities. Siemens recommends to avoid opening of untrusted files from unknown sources.
Risk Scores
CVSS v3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simcenter Femap V2020.2 | ||
| Simcenter Femap V2021.1 |
Timeline
- Sep 14, 2021 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-997732.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-997732.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-257-04.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-257-04 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url