CVE-2024-24925

7.8 HIGH

📋 TL;DR

This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by exploiting uninitialized pointer access when parsing malicious Catia MODEL files. All versions before V2306.0000 are affected. Users who open untrusted Catia files are at risk.

💻 Affected Systems

Products:
  • Simcenter Femap
Versions: All versions < V2306.0000
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing Catia MODEL files; other file types may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the same privileges as the Femap process, potentially leading to full system compromise, data theft, or lateral movement.

🟠 Likely Case

Local user or attacker with file upload capabilities executes code by tricking users into opening malicious Catia files.

🟢 If Mitigated

Limited impact if users only open trusted files from verified sources and proper application sandboxing is in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious file; no known public exploits as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2306.0000

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-000072.html

Restart Required: Yes

Instructions:

1. Download Simcenter Femap V2306.0000 or later from the Siemens support portal.
2. Install the update following the Siemens installation guide.
3. Restart the application and system if required.

🔧 Temporary Workarounds

Restrict Catia file handling (Windows)

Block or restrict opening of Catia MODEL files from untrusted sources.

Application sandboxing (Windows)

Run Femap with reduced privileges or in an isolated environment.

🧯 If You Can't Patch

  • Implement strict file handling policies: only open Catia files from trusted, verified sources.
  • Use application control solutions to restrict Femap's execution capabilities and network access.

🔍 How to Verify

Check if Vulnerable:

Check the Femap version via Help > About; if the version is below V2306.0000, the system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Confirm the version is V2306.0000 or higher in the Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of femap.exe
  • Unusual file access patterns to Catia MODEL files

Network Indicators:

  • Unusual outbound connections from femap.exe process

SIEM Query:

Process: femap.exe AND (EventID: 1000 OR FileExtension: .model)
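
The crash half of the query above, written against the Windows Application log as an added example (not part of the original advisory or any vendor tooling). It assumes a seven-day look-back window and the standard field order of the "Application Error" Event ID 1000 record (application name first, faulting module fourth, exception code seventh).

```powershell
# Added example: list Application Error (Event ID 1000) crash records for femap.exe.
# Assumption: a 7-day look-back window; adjust to your log retention.
$since = (Get-Date).AddDays(-7)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $since
}

# -ErrorAction SilentlyContinue: Get-WinEvent raises an error when nothing matches.
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq 'femap.exe' } |
    ForEach-Object {
        $code = [string]$_.Properties[6].Value
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            Computer        = $_.MachineName
            Application     = $_.Properties[0].Value
            FaultModule     = $_.Properties[3].Value
            ExceptionCode   = $code
            # c0000005 is an access violation, the usual result of
            # dereferencing an invalid pointer.
            AccessViolation = ($code -match 'c0000005')
        }
    } |
    Sort-Object TimeCreated

if ($crashes) {
    $crashes | Format-Table -AutoSize
    # Several crashes on one host in the window are worth a closer look:
    # check which file the user had just opened.
    $crashes | Group-Object Computer |
        Where-Object Count -gt 1 |
        Select-Object Name, Count
} else {
    Write-Output "No femap.exe crash events since $since."
}
```

A crash record alone does not prove exploitation; treat it as a prompt to identify the file that was being opened and where it came from.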
