CVE-2024-24921

Published Feb 13, 2024

Last updated a month ago

Overview

Description: A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)
Source: productcert@siemens.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787
productcert@siemens.com: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E74983A-12E0-476E-BF9E-C9484242E458",
            "versionEndExcluding": "2401.0000"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References