CVE-2022-28662: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The vulnerability (CVE-2022-28662) involves an out-of-bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This vulnerability was discovered and reported by xina1i working with Trend Micro Zero Day Initiative (CISA).

The vulnerability is classified as CWE-787 (Out-of-bounds Write). It has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating that it requires local access and user interaction to exploit (NVD).

If successfully exploited, this vulnerability could allow an attacker to leverage the out-of-bounds write condition to leak information in the context of the current process (CISA).

Siemens has released version V2022.1.2 to address this vulnerability. Users are recommended to update to this version or later. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines for industrial security (CISA).