CVE-2024-24923

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through specially crafted Catia MODEL files in Simcenter Femap. Attackers can exploit an out-of-bounds read vulnerability to execute arbitrary code in the context of the current process. All users of Simcenter Femap versions before V2401.0000 and V2306.0001 are affected.

💻 Affected Systems

Products:
  • Simcenter Femap
Versions: All versions < V2401.0000 and all versions < V2306.0001
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing Catia MODEL files, which is a core functionality of Femap.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the Femap process, potentially leading to data theft, system manipulation, or lateral movement.

🟠 Likely Case

Remote code execution leading to malware installation, data exfiltration, or system disruption when users open malicious Catia files.

🟢 If Mitigated

Limited impact with proper file validation and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious Catia file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2401.0000 or V2306.0001

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-000072.html

Restart Required: Yes

Instructions:

1. Download the latest version from Siemens support portal.
2. Install the update following Siemens installation guide.
3. Restart the system after installation.

🔧 Temporary Workarounds

Restrict Catia file handling (windows)

Block or restrict processing of Catia MODEL files through application controls or file policies.

User awareness training (all)

Train users to only open Catia files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Femap execution
  • Use network segmentation to isolate Femap systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check the Femap version via the Help > About menu. If the version is below V2401.0000 or V2306.0001, the system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify in the Help > About menu that the installed version is V2401.0000 or V2306.0001 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of femap.exe
  • Unusual file access patterns to Catia files

Network Indicators:

  • Unexpected outbound connections from Femap process

SIEM Query:

(Process: femap.exe AND (EventID: 1000 OR EventID: 1001)) OR (FileAccess: *.CATPart OR FileAccess: *.CATProduct)
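
A narrower variant of the query above, added here as an example (not from the vendor advisory or this page's source): it reports a femap.exe crash event only when femap.exe accessed a Catia file on the same host shortly before. The event field names, the sample events, the five-minute window and the `.model` extension are assumptions to adapt to your own log schema.

```python
from datetime import datetime, timedelta

# Extensions from the page's SIEM query, plus ".model"
# (assumed here to be the extension used for Catia MODEL files).
CATIA_EXTS = (".catpart", ".catproduct", ".model")
CRASH_IDS = {1000, 1001}  # event IDs used in the page's query

# Constructed sample events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"time": "2024-02-20T09:14:02", "host": "cad-ws-07", "process": "femap.exe",
     "event_id": None, "file": r"C:\Users\eng1\Downloads\bracket.model"},
    {"time": "2024-02-20T09:14:09", "host": "cad-ws-07", "process": "femap.exe",
     "event_id": 1000, "file": None},
    {"time": "2024-02-20T10:30:00", "host": "cad-ws-07", "process": "femap.exe",
     "event_id": 1001, "file": None},  # crash, but no recent Catia file access
    {"time": "2024-02-20T11:00:00", "host": "cad-ws-12", "process": "femap.exe",
     "event_id": None, "file": r"D:\projects\wing.CATPart"},  # access, no crash
    {"time": "2024-02-20T11:00:05", "host": "cad-ws-12", "process": "excel.exe",
     "event_id": 1000, "file": None},  # crash of a different process
]

def find_suspect_crashes(events, window=timedelta(minutes=5)):
    """Return (host, crash_time, file) for each femap.exe crash that follows
    a Catia file access by femap.exe on the same host within `window`."""
    last_open = {}  # host -> (time, path) of the most recent Catia file access
    hits = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["process"].lower() != "femap.exe":
            continue
        when = datetime.fromisoformat(ev["time"])
        path = ev.get("file")
        if path and path.lower().endswith(CATIA_EXTS):
            last_open[ev["host"]] = (when, path)
        elif ev.get("event_id") in CRASH_IDS and ev["host"] in last_open:
            opened_at, opened = last_open[ev["host"]]
            if when - opened_at <= window:
                hits.append((ev["host"], ev["time"], opened))
    return hits

if __name__ == "__main__":
    for host, crashed_at, path in find_suspect_crashes(SAMPLE_EVENTS):
        print(f"{host}: femap.exe crashed at {crashed_at} after opening {path}")
```

A hit is a lead for triage, not proof of exploitation: preserve the file named in the result and check the host's Femap version against the fixed releases.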
