CVE-2021-27399 – This vulnerability in Simcenter Femap allows at... (How to Fix)

Q: How do I fix CVE-2021-27399?

1. Download the appropriate maintenance pack from Siemens support portal. 2. Close all Femap instances. 3. Run the maintenance pack installer. 4. Restart the system. 5. Verify the version is updated.

Q: What is the severity of CVE-2021-27399?

CVE-2021-27399 has a CVSS score of 7.8 (HIGH). This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by exploiting an out-of-bounds write when parsing malicious FEMAP files. Users of Simcenter Femap 2020.2 and 2021.1 before specific maintenance packs are affected. Successful exploitation could lead to complete system compromise.

📋 TL;DR

This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by exploiting an out-of-bounds write when parsing malicious FEMAP files. Users of Simcenter Femap 2020.2 and 2021.1 before specific maintenance packs are affected. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

Simcenter Femap

Versions: 2020.2 (All versions < V2020.2.MP3), 2021.1 (All versions < V2021.1.MP3)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of affected versions are vulnerable by default when processing FEMAP files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or remote code execution when users open malicious FEMAP files, potentially leading to malware installation or data exfiltration.

🟢

If Mitigated

Limited impact with proper file validation and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW - This requires user interaction to open malicious files and is not directly exploitable over network protocols.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious FEMAP files. No public exploit code is available, but the vulnerability is documented by ZDI.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2020.2.MP3 for 2020.2, V2021.1.MP3 for 2021.1

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdf

Restart Required: Yes

Instructions:

1. Download the appropriate maintenance pack from Siemens support portal. 2. Close all Femap instances. 3. Run the maintenance pack installer. 4. Restart the system. 5. Verify the version is updated.

🔧 Temporary Workarounds

Restrict FEMAP file handling

windows

Implement application whitelisting to prevent execution of untrusted FEMAP files or restrict file associations.

User awareness training

all

Train users to only open FEMAP files from trusted sources and verify file integrity.

🧯 If You Can't Patch

Implement strict file validation policies to block untrusted FEMAP files at network boundaries.
Use application sandboxing or virtualization to isolate Femap execution from critical systems.

🔍 How to Verify

Check if Vulnerable:

Check Femap version via Help > About in the application interface or examine installed programs in Windows Control Panel.

Check Version:

Not applicable - check via GUI or Windows Programs and Features

Verify Fix Applied:

Verify the version shows V2020.2.MP3 or higher for 2020.2, or V2021.1.MP3 or higher for 2021.1.

📡 Detection & Monitoring

Log Indicators:

Unexpected crashes of femap.exe
Unusual file access patterns to FEMAP files
Process creation anomalies from femap.exe

Network Indicators:

Unusual outbound connections from femap.exe process

SIEM Query:

Process: femap.exe AND (EventID: 1000 OR EventID: 1001) OR FileAccess: *.femap from untrusted sources

📊 Metadata

CVE ID: CVE-2021-27399

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: June 8, 2021

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdf Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-781/ Third Party Advisory,VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdf Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-781/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27399, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Simcenter Femap by Siemens

Simcenter Femap by Siemens

Simcenter Femap by Siemens

Simcenter Femap by Siemens

Simcenter Femap by Siemens

Simcenter Femap by Siemens

Simcenter Femap by Siemens

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict FEMAP file handling

User awareness training

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities