Description
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
Published: 2026-02-10
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in the processing of XDB files in Simcenter Femap and Simcenter Nastran allows an out-of-bounds read, which can be leveraged to execute arbitrary code within the context of the current process. This vulnerability can compromise confidentiality, integrity, or availability of the affected system. The issue is classified as a type of memory access error.

Affected Systems

The affected products are Siemens Simcenter Femap and Siemens Simcenter Nastran, with all versions older than V2512 encountering this flaw.

Risk and Exploitability

The CVSS score is 7.3, indicating a high severity, while the EPSS score of less than 1% shows that exploitation is currently considered unlikely. The vulnerability is not listed in the CISA KEV catalog. Based primarily on the description, the likely attack vector involves an attacker delivering a specially crafted XDB file to the target application, either locally or over a network, to trigger the out-of-bounds read and gain code‑execution privileges.

Generated by OpenCVE AI on April 17, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Simcenter Femap and Simcenter Nastran to version V2512 or later to remove the vulnerability.
  • Limit the ability of the applications to read XDB files to only trusted directories or users, and validate file sources before processing.
  • Run the applications with the minimum privileges required; if possible, use separate low‑privilege accounts for file parsing.
  • Monitor system logs for unusual parsing errors or unexpected process behavior that could indicate exploitation attempts.

Generated by OpenCVE AI on April 17, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in Simcenter Femap and Nastran Leading to Code Execution

Wed, 11 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simcenter_nastran:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens simcenter Femap
Siemens simcenter Nastran
Vendors & Products Siemens
Siemens simcenter Femap
Siemens simcenter Nastran

Tue, 10 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Simcenter Femap Simcenter Nastran
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-02-10T15:24:46.229Z

Reserved: 2026-01-15T14:48:10.775Z

Link: CVE-2026-23717

cve-icon Vulnrichment

Updated: 2026-02-10T15:24:42.846Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T10:15:58.567

Modified: 2026-02-11T18:24:15.437

Link: CVE-2026-23717

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses