CVE-2024-33653: 
Siemens Simcenter Femap vulnerability analysis and mitigation

A vulnerability (CVE-2024-33653) has been identified in Simcenter Femap (All versions < V2406). The vulnerability involves an out-of-bounds read vulnerability in the BMP file parsing functionality. This security issue was discovered and disclosed on July 9, 2024, affecting all versions of Simcenter Femap prior to version 2406 (Siemens Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs when parsing specially crafted BMP files. The vulnerability has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 Base Score of 7.3 (HIGH) with the vector string CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (Siemens Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current process, potentially leading to complete compromise of the affected system's confidentiality, integrity, and availability (Siemens Advisory).

Siemens has released version 2406 as a fix for this vulnerability and recommends users to update to this version or later. As a workaround, users are advised not to open untrusted BMP files in the affected applications. Additionally, Siemens recommends following their operational guidelines for Industrial Security and protecting network access to devices with appropriate mechanisms (Siemens Advisory).