Login Sign Up

CVE-2026-23718

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening malicious NDB files. This affects all versions before V2512 of both engineering simulation software products. Users who process untrusted NDB files are at risk of complete system compromise.

💻 Affected Systems

Products:
  • Simcenter Femap
  • Simcenter Nastran
Versions: All versions < V2512
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing specially crafted NDB files; default installations are vulnerable.

📦 What is this software?

Simcenter Femap by Siemens

View all CVEs affecting Simcenter Femap →

Simcenter Nastran by Siemens

View all CVEs affecting Simcenter Nastran →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the current user, potentially leading to full system compromise, data theft, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when a user opens a malicious NDB file, potentially leading to malware installation or data exfiltration.

🟢

If Mitigated

Limited impact if proper file handling controls and user awareness prevent opening untrusted files, though the vulnerability remains present.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; no public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2512

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-965753.html

Restart Required: Yes

Instructions:

1. Download and install Simcenter Femap V2512 or Simcenter Nastran V2512 from Siemens support portal. 2. Follow vendor installation instructions. 3. Restart affected systems after installation.

🔧 Temporary Workarounds

Restrict NDB file handling

all

Implement application whitelisting to prevent execution of vulnerable versions or restrict opening of NDB files from untrusted sources.

User awareness training

all

Train users to avoid opening NDB files from unknown or untrusted sources.

🧯 If You Can't Patch

  • Implement strict file handling policies to block NDB files from untrusted sources.
  • Use network segmentation to isolate systems running vulnerable software from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check software version in application Help > About menu; if version is below V2512, the system is vulnerable.

Check Version:

Not applicable; check via GUI in Help > About.

Verify Fix Applied:

Verify installed version is V2512 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or unexpected termination when processing NDB files
  • Unusual process creation from Simcenter applications

Network Indicators:

  • Unusual outbound connections from Simcenter processes

SIEM Query:

EventID=1000 OR EventID=1001 (Application Error) with process name containing 'femap' or 'nastran'

📊 Metadata

CVE ID: CVE-2026-23718
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
EPSS Score: 0.01% exploit probability (0.2th percentile)
Published: February 10, 2026
Last Updated: February 11, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-23718, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)