CVE-2024-33654

7.8 HIGH

📋 TL;DR

This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by tricking users into opening malicious BMP files. All Simcenter Femap users running versions before V2406 are affected. The underlying flaw is an out-of-bounds read during BMP file parsing.

💻 Affected Systems

Products:
  • Simcenter Femap
Versions: All versions before V2406
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing BMP files, which is a core functionality of the software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full remote code execution with the privileges of the Femap process, potentially leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or limited code execution within the Femap process context, potentially enabling further attacks or data exfiltration.

🟢 If Mitigated

Application crash or denial of service if memory protections prevent successful exploitation.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) and knowledge of the vulnerable BMP parsing routine.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2406

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-064222.html

Restart Required: Yes

Instructions:

1. Download Simcenter Femap V2406 or later from the Siemens support portal.
2. Install the update following Siemens installation procedures.
3. Restart the system to ensure all components are updated.

🔧 Temporary Workarounds

Restrict BMP file handling (Platform: Windows)

Block or restrict processing of BMP files in Femap through application settings or group policies.

User awareness training (Platform: all)

Train users to only open BMP files from trusted sources and to verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use endpoint protection with memory corruption detection capabilities

🔍 How to Verify

Check if Vulnerable:

Check the Femap version in the Help > About dialog. If the version is below V2406, the system is vulnerable.

Check Version:

Not applicable. Check via the Help > About menu in the GUI.

Verify Fix Applied:

Verify that the version shows V2406 or higher in the Help > About dialog after the update.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing BMP files
  • Unexpected process creation from femap.exe
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual outbound connections from Femap process
  • File downloads of BMP files to Femap systems

SIEM Query:

Process Creation where Image contains 'femap.exe' and CommandLine contains '.bmp'
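
The SIEM query and the "unexpected process creation from femap.exe" indicator above, combined into one triage pass over process-creation events. This is an added example, not part of the original advisory or any vendor tooling; it assumes Sysmon Event ID 1 field names, and the install paths, GUIDs and events are constructed placeholders.

```python
import ntpath
import re

# Constructed sample events (Sysmon Event ID 1 field names assumed).
# Paths and GUIDs are placeholders, not real Femap install locations.
EVENTS = [
    {"ProcessGuid": "{A}", "ParentProcessGuid": "{E}", "Image": r"C:\Apps\Femap\femap.exe",
     "CommandLine": r'"C:\Apps\Femap\femap.exe" "C:\Users\u\Downloads\Bracket.BMP"'},
    {"ProcessGuid": "{A1}", "ParentProcessGuid": "{A}", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"ProcessGuid": "{B}", "ParentProcessGuid": "{E}", "Image": r"C:\Apps\Femap\femap.exe",
     "CommandLine": r'"C:\Apps\Femap\femap.exe" "C:\Models\wing.modfem"'},
    {"ProcessGuid": "{B1}", "ParentProcessGuid": "{B}", "Image": r"C:\Apps\Femap\helper.exe",
     "CommandLine": "helper.exe"},
    {"ProcessGuid": "{C}", "ParentProcessGuid": "{E}", "Image": r"C:\Tools\notfemap.exe",
     "CommandLine": r"notfemap.exe C:\tmp\a.bmp"},
]

def base(path):
    """Lower-cased file name of a Windows path (exact match beats 'contains')."""
    return ntpath.basename(path or "").lower()

def bmp_args(command_line):
    """Arguments whose extension is .bmp, quoted or not, in any letter case."""
    args = re.findall(r'"[^"]*"|\S+', command_line or "")
    return [a.strip('"') for a in args if a.strip('"').lower().endswith(".bmp")]

def triage(events):
    """Return (severity, rule, image) findings in event order."""
    bmp_femap = set()  # ProcessGuids of femap.exe instances started on a BMP
    femap = set()      # ProcessGuids of every femap.exe instance seen
    findings = []
    for ev in events:
        image = base(ev.get("Image"))
        if image == "femap.exe":
            femap.add(ev["ProcessGuid"])
            if bmp_args(ev.get("CommandLine")):
                bmp_femap.add(ev["ProcessGuid"])
                findings.append(("info", "femap_opened_bmp", image))
            continue
        parent = ev.get("ParentProcessGuid")
        if parent in bmp_femap:
            findings.append(("high", "child_of_femap_after_bmp", image))
        elif parent in femap:
            findings.append(("medium", "child_of_femap", image))
    return findings

if __name__ == "__main__":
    print(*triage(EVENTS), sep="\n")
```

A command-line match only sees BMP files passed as arguments (for example through a file association); files opened from inside Femap's own dialogs never appear there, so the child-process rule should not depend on it alone.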
