Siemens Simcenter Femap vulnerabilities

CVE-2026-23715 [HIGH] CWE-787 CVE-2026-23715: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

CVE-2026-23720 [HIGH] CWE-125 CVE-2026-23720: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

CVE-2026-23716 [HIGH] CWE-125 CVE-2026-23716: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

CVE-2026-23719 [HIGH] CWE-122 CVE-2026-23719: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

CVE-2026-23717 [HIGH] CWE-125 CVE-2026-23717: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

CVE-2026-23718 [HIGH] CWE-125 CVE-2026-23718: A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

CVE-2025-40829 [HIGH] CWE-908 CVE-2025-40829: A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)

CVE-2025-40800 [CRITICAL] CWE-295 CVE-2025-40800: A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versio A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026

CVE-2025-40801 [CRITICAL] CWE-295 CVE-2025-40801: A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versio A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All vers

CVE-2025-40762 [HIGH] CWE-787 CVE-2025-40762: A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692)

CVE-2025-40764 [HIGH] CWE-125 CVE-2025-40764: A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

CVE-2025-25175 [HIGH] CWE-119 CVE-2025-25175: A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)

CVE-2024-33654 [HIGH] CWE-125 CVE-2024-33654: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

CVE-2024-32056 [HIGH] CWE-787 CVE-2024-32056: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process.

CVE-2024-33653 [HIGH] CWE-125 CVE-2024-33653: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

CVE-2024-32062 [HIGH] CWE-843 CVE-2024-32062: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)

CVE-2024-32064 [HIGH] CWE-125 CVE-2024-32064: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)

CVE-2024-32066 [HIGH] CWE-125 CVE-2024-32066: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)

CVE-2024-33577 [HIGH] CWE-121 CVE-2024-33577: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process.

CVE-2024-32055 [HIGH] CWE-125 CVE-2024-32055: A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applicat A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process.