CVE-2021-27399: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A vulnerability (CVE-2021-27399) was identified in Simcenter Femap versions 2020.2 (All versions < V2020.2.MP3) and 2021.1 (All versions < V2021.1.MP3). The vulnerability exists in the femap.exe application which lacks proper validation of user-supplied data when parsing FEMAP files, potentially resulting in an out-of-bounds write past the end of an allocated structure (NVD, ZDI Advisory).

The vulnerability is caused by improper validation of user-supplied data during the parsing of modfem files in the femap.exe application. This can lead to a write operation before the start of an allocated data structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability requires user interaction, as the target must visit a malicious page or open a malicious file (ZDI Advisory).

Siemens has released security updates to address this vulnerability. Users should update to Simcenter Femap version V2020.2.MP3 or V2021.1.MP3 or later versions (Siemens Advisory).