CVE-2021-46156: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A vulnerability (CVE-2021-46156) was identified in Siemens Simcenter Femap versions V2020.2 and V2021.1 (all versions). The vulnerability was discovered in 2021 and publicly disclosed on February 9, 2022. The issue affects the application's handling of NEU files, specifically containing an out-of-bounds write vulnerability past the end of an allocated structure while parsing specially crafted NEU files (ZDI Advisory, NVD).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 7.8 (HIGH). The CVSS vector string is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability requires local access and user interaction to exploit, but can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process, potentially leading to complete system compromise with the same privileges as the vulnerable application (ZDI Advisory).

Siemens has released updates to address this vulnerability. Users are advised to update to Simcenter Femap v2022.1 or later. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines for industrial security (CISA Advisory).