CVE-2026-23717 – An out-of-bounds read vulnerability in Simcente... (How to Fix)

Q: What is the severity of CVE-2026-23717?

CVE-2026-23717 has a CVSS score of 7.8 (HIGH). An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening malicious XDB files. This affects all versions before V2512 of both engineering simulation software products. Users who process untrusted XDB files are at risk.

📋 TL;DR

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening malicious XDB files. This affects all versions before V2512 of both engineering simulation software products. Users who process untrusted XDB files are at risk.

💻 Affected Systems

Products:

Simcenter Femap
Simcenter Nastran

Versions: All versions before V2512

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when parsing specially crafted XDB files. Both products share the same vulnerable component.

📦 What is this software?

Simcenter Femap by Siemens

View all CVEs affecting Simcenter Femap →

Simcenter Nastran by Siemens

View all CVEs affecting Simcenter Nastran →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through remote code execution, potentially leading to data theft, system manipulation, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or application compromise when users open malicious XDB files from untrusted sources.

🟢

If Mitigated

Limited impact with proper file handling policies and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW - These are desktop engineering applications, not typically exposed to internet.

🏢 Internal Only: MEDIUM - Risk exists when users process files from untrusted internal or external sources.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2512

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-965753.html

Restart Required: Yes

Instructions:

1. Download V2512 or later from Siemens support portal. 2. Install the update following vendor instructions. 3. Restart affected systems. 4. Verify version is V2512 or newer.

🔧 Temporary Workarounds

Restrict XDB file handling

all

Implement policies to prevent opening XDB files from untrusted sources

Application control

windows

Use application whitelisting to restrict execution to trusted locations

🧯 If You Can't Patch

Implement strict file handling policies: only open XDB files from trusted sources
Use network segmentation to isolate systems running vulnerable software

🔍 How to Verify

Check if Vulnerable:

Check software version in application Help > About menu

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Confirm version shows V2512 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

Application crashes when parsing XDB files
Unexpected process creation from Femap/Nastran

Network Indicators:

Unusual outbound connections from engineering workstations

SIEM Query:

Process creation where parent process contains 'femap' or 'nastran' AND command line contains suspicious parameters

📊 Metadata

CVE ID: CVE-2026-23717

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.01% exploit probability (0.2th percentile)

Published: February 10, 2026

Last Updated: February 11, 2026

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-965753.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-23717, you might also want to check these: