Description
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
Published: 2026-02-10
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Code Execution
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds read (CWE-125) occurs when Simcenter Femap or Simcenter Nastran parses a specially crafted NDB file. The vulnerability can allow an attacker to execute code within the context of the running application, potentially giving them control over the host system.

Affected Systems

Siemens Simcenter Femap and Simcenter Nastran versions earlier than 2512 are affected. The issue exists in all builds below V2512 and is present in both products.

Risk and Exploitability

The vulnerability has a CVSS score of 7.3 (High), indicating significant risk. EPSS is below 1%, suggesting that exploitation is unlikely at present, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires delivery of a malicious NDB file that the application processes; this may be possible through user-supplied input or misconfigured file handling. Once the vulnerability is exploited, the attacker gains code execution in the context of the process.

Generated by OpenCVE AI on April 17, 2026 at 20:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the Siemens update that fixes the out‑of‑bounds read in Simcenter Femap and Simcenter Nastran (V2512 or later).
  • If an update is unavailable, upgrade the products to version 2512 or higher as soon as possible.
  • Until an official fix is applied, restrict access to NDB files by removing them from shared directories or disabling the import of user‑supplied NDB files within the application settings.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Out‑of‑Bounds Read in Simcenter Femap/Nastran via NDB File Leading to Code Execution

Wed, 11 Feb 2026 18:00:00 +0000

Type: CPEs
Values Removed: (none)
Values Added:
cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simcenter_nastran:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 15:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 12:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
Siemens
Siemens simcenter Femap
Siemens simcenter Nastran

Type: Vendors & Products
Values Removed: (none)
Values Added:
Siemens
Siemens simcenter Femap
Siemens simcenter Nastran

Tue, 10 Feb 2026 10:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-125

Type: References

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
cvssV4_0: {'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-02-10T15:06:28.914Z

Reserved: 2026-01-15T14:48:10.775Z

Link: CVE-2026-23720

Vulnrichment

Updated: 2026-02-10T15:06:10.525Z

NVD

Status: Analyzed

Published: 2026-02-10T10:15:59.073

Modified: 2026-02-11T17:58:50.067

Link: CVE-2026-23720

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses