CVE-2022-39145: 
Siemens Simcenter Femap vulnerability analysis and mitigation

CVE-2022-39145 is a vulnerability identified in Siemens Simcenter Femap and Parasolid software that was disclosed on September 1, 2022. The vulnerability affects multiple versions of Parasolid (V33.1, V34.0, V34.1, V35.0) and Simcenter Femap (V2022.1, V2022.2). The issue involves an out-of-bounds read vulnerability when parsing X_T files (CVE Mitre, CISA Advisory).

The vulnerability is characterized by an out-of-bounds read past the end of an allocated buffer when parsing X_T files. It has been assigned a CVSS v3 base score of 7.8, with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access required, low attack complexity, and high impact on confidentiality, integrity, and availability (CISA Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current process, potentially leading to remote code execution in the compromised process (CISA Advisory, ZDI Advisory).

Siemens has released updates to address this vulnerability. Users are recommended to update Parasolid to V33.1.263 or later, V34.0.252 or later, V34.1.242 or later, or V35.0.164 or later. For Simcenter Femap, users should update to V2022.1.3 or later, or V2022.2.2 or later. Additionally, Siemens advises users not to open untrusted X_T files (CISA Advisory).