VDB
ICSA-24-137-05
PUBLISHED
CVSS 7.8 HIGH
Simcenter Nastran is affected by a stack overflow vulnerability that could be triggered when an application binary reads an arbitrary string as a file argument. If a user is tricked into running one of the impacted application binaries with a malicious string, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released a new version for Simcenter Nastran 2406 and recommends updating to the latest version. Siemens recommends countermeasures for products where fixes are not, or not yet, available.
Risk Scores
CVSS v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simcenter Nastran 2406 | |
| Siemens | Simcenter Nastran 2312 | |
| Siemens | Simcenter Nastran 2306 | |
Timeline
- May 14, 2024 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-258494.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-258494.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-258494.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-258494.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-137-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-05 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.sw.siemens.com/ fix