CVE-2021-27387: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A vulnerability (CVE-2021-27387) was identified in Simcenter Femap versions 2020.2 (All versions < V2020.2.MP3) and 2021.1 (All versions < V2021.1.MP3). The vulnerability exists in the femap.exe application which lacks proper validation of user-supplied data when parsing FEMAP files (NVD, ZDI).

The vulnerability is an out-of-bounds write past the end of an allocated structure when parsing modfem files. The issue stems from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. The vulnerability requires user interaction to exploit, as the target must visit a malicious page or open a malicious file (ZDI).

Siemens has released updates to address this vulnerability. Users should update to Simcenter Femap version V2020.2.MP3 or V2021.1.MP3 or later versions (Siemens Advisory).