As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 7.3
- ATTENTION: Low Attack Complexity
- Vendor: Siemens
- Equipment: Simcenter Femap
- Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute code within the current process of the product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Simcenter Femap V2401: Versions prior to V2401.0003
- Simcenter Femap V2406: Versions prior to V2406.0002
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process.
CVE-2025-25175 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for […]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: