CVE-2021-46153: 
Siemens Simcenter Femap vulnerability analysis and mitigation

CVE-2021-46153 is a memory corruption vulnerability discovered in Siemens Simcenter Femap V2020.2 and V2021.1 (all versions). The vulnerability was identified in the NEU file parsing functionality and was disclosed on February 9, 2022. The affected software is Simcenter Femap, an advanced simulation application used in engineering (NVD, ZDI-297).

The vulnerability stems from improper validation of user-supplied data during the parsing of NEU files, which can result in memory corruption. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is classified as CWE-787 (Out-of-bounds Write) and can lead to code execution in the context of the current process (NVD, ZDI-299).

Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. The vulnerability requires user interaction, specifically opening a malicious NEU file or visiting a malicious page (ZDI-297).

Siemens has released updates to address this vulnerability. Users of affected versions (V2020.2 and V2021.1) are advised to update to V2022.1 or later. As a general security measure, Siemens recommends protecting network access with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines for industrial security (CISA).