CVE-2021-46699: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability has been identified in Simcenter Femap (all versions prior to V2022.1.1). The vulnerability exists in the parsing of specially crafted BDF files, which could allow an attacker to execute arbitrary code in the context of the current process (ZDI Advisory, CISA Advisory).

The vulnerability (CVE-2021-46699) has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of BDF files and results from the lack of proper validation of user-supplied data length before copying it to a stack-based buffer (ZDI Advisory, CISA Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process, potentially leading to full system compromise with the privileges of the current user. The vulnerability affects confidentiality, integrity, and availability of the system (CISA Advisory).

Siemens has released version 2022.1.1 to address this vulnerability. Users are recommended to update to the latest version. Additionally, users should avoid opening untrusted files from unknown sources and protect network access to devices with appropriate mechanisms (CISA Advisory).