Siemens Simcenter Femap and Nastran

Summary

Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked into opening a malicious file with any of the affected products, the application could crash, or the file could potentially lead to arbitrary code execution. Siemens has released new versions for the affected products and recommends updating to the latest versions.

The following versions of Siemens Simcenter Femap and Nastran are affected:

  • Simcenter Femap vers:intdot/<2512 (CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720)
  • Simcenter Nastran vers:intdot/<2512 (CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720)

CVSS: v3 7.8
Vendor: Siemens
Equipment: Siemens Simcenter Femap and Nastran
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-23715

The affected applications contain an out-of-bounds write vulnerability that is triggered while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Affected Products

Siemens Simcenter Femap and Nastran
Vendor: Siemens
Product Version: Simcenter Femap, Simcenter Nastran
Product Status: known_affected

Remediations

Mitigation
Do not open untrusted XDB files in affected applications

Vendor fix
Update to V2512 or later version
https://support.sw.siemens.com/product/275652363/

Vendor fix
Update to V2512 or later version
https://support.sw.siemens.com/product/289054037/

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version: 3.1
Base Score: 7.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2026-23716

The affected applications contain an out-of-bounds read vulnerability that is triggered while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Affected Products

Siemens Simcenter Femap and Nastran
Vendor: Siemens
Product Version: Simcenter Femap, Simcenter Nastran
Product Status: known_affected

Remediations

Mitigation
Do not open untrusted XDB files in affected applications

Vendor fix
Update to V2512 or later version
https://support.sw.siemens.com/product/275652363/

Vendor fix
Update to V2512 or later version
[…]

This article has been indexed from All CISA Advisories