PatchSiren cyber security CVE debrief

CVE-2024-32055 Siemens CVE debrief

CVE-2024-32055 is a high-severity out-of-bounds read vulnerability in Siemens Simcenter Femap, published 2024-07-09. The flaw occurs when parsing specially crafted IGS (Initial Graphics Exchange Specification) files, allowing an attacker to execute code in the context of the current process. The vulnerability stems from reading past the end of an allocated structure during file parsing. With a CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), this represents a significant risk to engineering workstations where Femap is deployed. The attack requires local access and user interaction (opening a malicious file), but successful exploitation yields high impact across confidentiality, integrity, and availability. Siemens has released version V2406 as a vendor fix. CISA and Siemens both recommend avoiding untrusted IGS files as an interim mitigation.

Vendor: Siemens
Product: Simcenter Femap
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-14
Original CVE updated: 2024-05-14
Advisory published: 2024-05-14
Advisory updated: 2024-05-14

Who should care

Organizations using Siemens Simcenter Femap for finite element analysis and CAE workflows should prioritize this vulnerability. Engineering teams in aerospace, automotive, and heavy machinery sectors—where Femap is commonly deployed for pre/post-processing—face elevated risk due to frequent exchange of CAD geometry files. IT security teams supporting OT/ICS environments must coordinate with engineering departments to implement file handling controls. Organizations with supply chain partners sharing IGS files should establish verification procedures before file ingestion. Security operations centers should monitor for suspicious Femap process activity as an indicator of potential exploitation.

Technical summary

The vulnerability exists in Simcenter Femap's IGS file parser where an out-of-bounds read occurs past the end of an allocated structure. When a specially crafted IGS file is opened, the parser reads memory beyond the intended buffer boundary. This memory corruption primitive can be leveraged to achieve arbitrary code execution within the Femap process context. The attack vector is local, requiring user interaction to open the malicious file. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates that while privileges are not required and attack complexity is low, successful exploitation requires user action and remains confined to the local system scope. The high impacts across confidentiality, integrity, and availability reflect the potential for complete compromise of the engineering workstation.

Defensive priority

HIGH

Recommended defensive actions

Apply vendor fix: Update Simcenter Femap to version V2406 or later
Implement file handling policy: Block or quarantine untrusted IGS files from external sources
User awareness training: Educate engineers on risks of opening CAD files from unverified origins
Network segmentation: Isolate engineering workstations from untrusted networks where possible
Monitor for anomalous Femap process behavior indicating potential exploitation attempts

Evidence notes

Source corpus confirms: (1) vulnerability type is out-of-bounds read during IGS parsing per CISA CSAF advisory ICSA-24-193-04; (2) affected product is Siemens Simcenter Femap per CSAF product tree with high confidence; (3) CVSS 7.8 HIGH severity per source metadata; (4) vendor fix V2406 available per remediation details; (5) mitigations include avoiding untrusted IGS/BDF/BMP files. No KEV entry present. All timing derived from CVE published/modified dates of 2024-07-09.

Official resources

CVE-2024-32055 was disclosed on 2024-07-09 via CISA ICS Advisory ICSA-24-193-04, with coordinated disclosure through Siemens ProductCERT. The vulnerability was identified in Simcenter Femap's IGS file parsing component. No known public KEV,