CVE-2024-24921
📋 TL;DR
A memory corruption vulnerability in Simcenter Femap allows attackers to execute arbitrary code by tricking users into opening malicious Catia MODEL files. This affects all Simcenter Femap versions before V2401.0000. Users who process untrusted Catia files are at risk.
💻 Affected Systems
- Simcenter Femap
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or application crash when users open malicious files from untrusted sources.
If Mitigated
Limited impact if users only open trusted files and the application runs with minimal privileges.
🎯 Exploit Status
Exploitation requires a user to open a specially crafted Catia file; no public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V2401.0000
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-000072.html
Restart Required: Yes
Instructions:
1. Download Simcenter Femap V2401.0000 or later from the Siemens support portal.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.
🔧 Temporary Workarounds
Restrict Catia file handling
Windows: Block or restrict opening of Catia MODEL files from untrusted sources
Run with reduced privileges
Windows: Run Simcenter Femap with standard user privileges instead of administrator rights
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized code
- Use network segmentation to isolate systems running vulnerable software
🔍 How to Verify
Check if Vulnerable:
Check the Simcenter Femap version in Help > About; if the version is below V2401.0000, the system is vulnerable.
Check Version:
Not applicable - check via GUI Help > About menu
Verify Fix Applied:
Verify version shows V2401.0000 or higher in Help > About dialog.
📡 Detection & Monitoring
Log Indicators:
- Application crashes when opening Catia files
- Unusual process creation from Simcenter Femap
Network Indicators:
- Unexpected outbound connections from Simcenter Femap process
SIEM Query:
(EventID=1000 OR EventID=1001) AND ProcessName="femap.exe"
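An added triage example (not part of the original page or any vendor tooling) that applies the two log indicators above to exported events and escalates a femap.exe crash that occurs close to a child process spawned by femap.exe. The event field names, the sample path, the 5-minute window and the use of Sysmon Event ID 1 for process creation are assumptions; the sample events are constructed.

```python
import ntpath
from datetime import datetime, timedelta

TARGET = "femap.exe"      # process name taken from the page's SIEM query
CRASH_IDS = {1000, 1001}  # Application Error / Windows Error Reporting
PROC_CREATE_ID = 1        # Sysmon process creation (assumes Sysmon is deployed)

# Constructed sample events; field names and the path are assumptions.
SAMPLE_EVENTS = [
    {"Time": "2024-02-14T09:00:05", "EventID": 1000, "ProcessName": "notepad.exe"},
    {"Time": "2024-02-14T09:12:40", "EventID": 1,
     "ParentImage": r"C:\Example\femap.exe", "Image": r"C:\Windows\System32\cmd.exe"},
    {"Time": "2024-02-14T09:12:43", "EventID": 1000, "ProcessName": "femap.exe"},
    {"Time": "2024-02-14T11:30:00", "EventID": 1001, "ProcessName": "FEMAP.EXE"},
]


def _name(path):
    """Lower-cased file name of a Windows path (or bare image name)."""
    return ntpath.basename(path or "").lower()


def is_femap_crash(ev):
    # Crash filter grouped as (1000 OR 1001) AND femap.exe, so crashes of
    # other applications are not matched.
    return ev["EventID"] in CRASH_IDS and _name(ev.get("ProcessName")) == TARGET


def is_femap_child(ev):
    # Any process whose parent is femap.exe is surfaced for review.
    return ev["EventID"] == PROC_CREATE_ID and _name(ev.get("ParentImage")) == TARGET


def triage(events, window=timedelta(minutes=5)):
    """Return sorted (time, kind, detail) findings for femap.exe."""
    children = [e for e in events if is_femap_child(e)]
    child_times = [datetime.fromisoformat(e["Time"]) for e in children]
    findings = [(e["Time"], "child-process", _name(e["Image"])) for e in children]
    for e in filter(is_femap_crash, events):
        t = datetime.fromisoformat(e["Time"])
        near = any(abs(t - ct) <= window for ct in child_times)
        findings.append((e["Time"], "crash+child" if near else "crash", str(e["EventID"])))
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```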