PT-2021-21552 · Siemens · Simcenter Femap
Xina1I
·
Published
2021-09-14
·
Updated
2021-09-23
·
CVE-2021-37176
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Simcenter Femap V2020.2 (All versions)
Simcenter Femap V2021.1 (All versions)
Description
A vulnerability has been identified in the
femap.exe application, which lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.Recommendations
For Simcenter Femap V2020.2, update to a version that includes the fix for this issue.
For Simcenter Femap V2021.1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of
modfem files until a patch is available.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simcenter Femap