Login Sign Up

CVE-2024-32065

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious IGS files. All users running Simcenter Femap versions before V2406 are affected. The attack occurs when the software processes specially crafted IGS files.

💻 Affected Systems

Products:
  • Simcenter Femap
Versions: All versions before V2406
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing IGS files, which is a core functionality of the software.

📦 What is this software?

Ps\/iges Parasolid Translator by Siemens

View all CVEs affecting Ps\/iges Parasolid Translator →

Simcenter Femap by Siemens

View all CVEs affecting Simcenter Femap →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, system takeover, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or application crash when users open malicious IGS files, potentially leading to data loss or system instability.

🟢

If Mitigated

Application crash without code execution if exploit fails or security controls block malicious file execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious IGS files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2406

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-064222.html

Restart Required: Yes

Instructions:

1. Download Simcenter Femap V2406 or later from Siemens support portal
2. Run the installer as administrator
3. Follow installation wizard prompts
4. Restart the system after installation completes

🔧 Temporary Workarounds

Restrict IGS file processing

windows

Block or restrict processing of IGS files through application controls or file policies

User awareness training

all

Train users to only open IGS files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized execution of Femap
  • Use endpoint protection with file reputation services to block malicious IGS files

🔍 How to Verify

Check if Vulnerable:

Check Femap version via Help > About menu. If version is below V2406, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is V2406 or later in Help > About menu and test IGS file processing functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing IGS files
  • Unexpected process creation from Femap executable

Network Indicators:

  • Unusual outbound connections from Femap process

SIEM Query:

Process creation where parent_process contains 'femap' AND (process_name contains 'cmd' OR process_name contains 'powershell')

📊 Metadata

CVE ID: CVE-2024-32065
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: May 14, 2024
Last Updated: August 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32065, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)