CVE-2026-23720

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening malicious NDB files. All versions of these engineering simulation products before V2512 are affected. This could lead to complete system compromise.

💻 Affected Systems

Products:
  • Simcenter Femap
  • Simcenter Nastran
Versions: All versions before V2512
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing specially crafted NDB files, which are native data files for these applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with attacker gaining the same privileges as the user running the software, potentially leading to lateral movement across networks.

🟠 Likely Case

Local privilege escalation leading to data theft, system manipulation, or installation of persistent malware.

🟢 If Mitigated

Limited impact if software runs with minimal privileges and in isolated environments with restricted file access.

🌐 Internet-Facing: LOW - These are desktop engineering applications not typically exposed directly to the internet.
🏢 Internal Only: HIGH - Attackers could exploit this via phishing, malicious downloads, or compromised internal systems to target engineers and designers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploits available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2512

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-965753.html

Restart Required: Yes

Instructions:

1. Download V2512 or later from Siemens support portal.
2. Backup current configurations.
3. Run installer with administrative privileges.
4. Restart system after installation completes.

🔧 Temporary Workarounds

Restrict NDB file handling

all

Configure systems to open NDB files only in trusted environments or with limited privileges

User awareness training

all

Train users to only open NDB files from trusted sources and verify file integrity

🧯 If You Can't Patch

  • Run applications with minimal user privileges (not as administrator)
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About menu. If version is below V2512, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Confirm version shows V2512 or higher in Help > About menu after update.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening NDB files
  • Unusual process spawning from Femap/Nastran

Network Indicators:

  • Outbound connections from engineering workstations to suspicious IPs

SIEM Query:

Process: (Femap.exe OR Nastran.exe) AND Event: (Crash OR SuspiciousChildProcess)
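The query above is schematic, so here is an added example (not vendor or advisory code) that applies the same logic to JSON process events and also notes whether an NDB file appears on the command line. The event field names, hosts, paths and the list of suspicious child processes are assumptions made for illustration.

```python
import json

WATCHED = {"femap.exe", "nastran.exe"}  # process names from the page's SIEM query
# Assumption: interpreters a simulation tool has no routine reason to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe"}

def basename(path):
    """Lower-cased file name from a Windows or POSIX path (None-safe)."""
    return (path or "").replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(event):
    """Return 'crash', 'suspicious_child' or None for one normalized event."""
    kind = event.get("type")
    if kind == "crash" and basename(event.get("image")) in WATCHED:
        return "crash"
    if (kind == "process_create"
            and basename(event.get("parent_image")) in WATCHED
            and basename(event.get("image")) in SUSPICIOUS_CHILDREN):
        return "suspicious_child"
    return None

def detect(lines):
    """Return (finding, host, touches_ndb) for every matching JSON line."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        if not isinstance(event, dict):
            continue
        finding = classify(event)
        if finding:
            # An .ndb path on the command line ties the event to a file to triage.
            touches_ndb = ".ndb" in (event.get("command_line") or "").lower()
            hits.append((finding, event.get("host"), touches_ndb))
    return hits

# Constructed sample events; field names, hosts and paths are placeholders.
SAMPLE_EVENTS = [
    r'{"type":"process_create","host":"eng-ws-01","parent_image":"C:\\Apps\\Femap.exe","image":"C:\\Windows\\System32\\cmd.exe"}',
    r'{"type":"crash","host":"eng-ws-02","image":"C:\\Apps\\Nastran.exe","command_line":"Nastran.exe D:\\jobs\\bracket.NDB"}',
    r'{"type":"process_create","host":"eng-ws-01","parent_image":"C:\\Apps\\Femap.exe","image":"C:\\Apps\\Nastran.exe"}',
    r'{"type":"crash","host":"eng-ws-03","image":"C:\\Windows\\notepad.exe"}',
    'not json',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Map the `type`, `image`, `parent_image` and `command_line` fields to whatever your endpoint telemetry actually emits, and tune the child-process list to your environment before alerting on it.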
