CVE-2021-46155: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability was identified in Siemens Simcenter Femap V2020.2 and V2021.1 (all versions). The vulnerability exists in the parsing of NEU files and could allow an attacker to execute arbitrary code in the context of the current process (NVD, ZDI-305).

The vulnerability (CVE-2021-46155) stems from improper validation of user-supplied data when parsing NEU files, which can result in a stack-based buffer overflow condition. The vulnerability has a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (ZDI-305, CISA).

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code in the context of the current process, potentially leading to complete compromise of the affected system's confidentiality, integrity, and availability (ZDI-305, CISA).

Siemens has released updates to address this vulnerability. Users should update to Simcenter Femap v2022.1 or later. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms and following their operational guidelines for industrial security (CISA).