PatchSiren cyber security CVE debrief
CVE-2024-32059 Siemens CVE debrief
CVE-2024-32059 is a high-severity out-of-bounds read vulnerability in Siemens Simcenter Femap, published on July 9, 2024. The flaw occurs when parsing specially crafted IGS (Initial Graphics Exchange Specification) files, allowing an attacker to execute arbitrary code in the context of the current process. The vulnerability was reported through the Zero Day Initiative (ZDI-CAN-21564) and carries a CVSS 3.1 score of 7.8. Simcenter Femap is an engineering simulation software used for finite element analysis and pre/post-processing in industrial and manufacturing environments. The attack vector requires local access with user interaction—an attacker must convince a victim to open a malicious IGS file. While not listed in CISA's Known Exploited Vulnerabilities catalog, the high impact potential (confidentiality, integrity, and availability) and the common use of file sharing in engineering workflows elevate practical risk. Siemens has released a vendor fix in version V2406 or later.
- Vendor
- Siemens
- Product
- Simcenter Femap
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-14
- Original CVE updated
- 2024-05-14
- Advisory published
- 2024-05-14
- Advisory updated
- 2024-05-14
Who should care
Engineering teams using Simcenter Femap for finite element analysis and simulation; manufacturing organizations with CAD/CAE workflows; security teams responsible for industrial software asset management; organizations with supply chain file exchange practices involving IGS format files
Technical summary
The vulnerability exists in the IGS file parsing component of Simcenter Femap. When processing a malformed IGS file, the application reads beyond the bounds of an allocated memory structure. This out-of-bounds read can be leveraged to achieve arbitrary code execution within the context of the Simcenter Femap process. The attack requires user interaction to open the malicious file and local access to deliver the payload. The vulnerability affects all versions prior to V2406.
Defensive priority
HIGH
Recommended defensive actions
- Update Simcenter Femap to version V2406 or later as provided by Siemens
- Implement application controls to restrict execution of Simcenter Femap to authorized users and approved workstations
- Train engineering staff to avoid opening IGS files from untrusted sources, including email attachments and external file-sharing platforms
- Consider network segmentation for systems running Simcenter Femap to limit lateral movement in case of compromise
- Monitor for anomalous process behavior or unexpected child processes spawned from Simcenter Femap
- Review and apply CISA ICS recommended practices for defense-in-depth in industrial control environments
Evidence notes
Vulnerability disclosed via CISA ICS advisory ICSA-24-193-04 and Siemens security advisory SSA-064222. ZDI reference ZDI-CAN-21564 confirms coordinated disclosure through Zero Day Initiative. CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates local attack vector requiring user interaction but yielding high impact across all security properties.
Official resources
-
CVE-2024-32059 CVE record
CVE.org
-
CVE-2024-32059 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-07-09