PatchSiren cyber security CVE debrief

CVE-2024-32061 Siemens CVE debrief

CVE-2024-32061 is a high-severity out-of-bounds read vulnerability in Siemens Simcenter Femap, published on July 9, 2024. The flaw occurs when parsing specially crafted IGS (Initial Graphics Exchange Specification) files, allowing an attacker to execute arbitrary code in the context of the current process. The vulnerability was reported through the Zero Day Initiative (ZDI-CAN-21566) and carries a CVSS 3.1 score of 7.8 (HIGH). The attack vector is local, requiring user interaction to open a malicious file, but successful exploitation grants high impact across confidentiality, integrity, and availability.

Vendor: Siemens
Product: Simcenter Femap
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-14
Original CVE updated: 2024-05-14
Advisory published: 2024-05-14
Advisory updated: 2024-05-14

Who should care

Engineering organizations using Simcenter Femap for finite element analysis and CAD preprocessing; security teams protecting OT/ICS environments with design engineering workstations; asset owners in manufacturing, aerospace, and automotive sectors relying on Femap for structural simulation workflows.

Technical summary

The vulnerability exists in the IGS file parsing component of Simcenter Femap, where an out-of-bounds read past the end of an allocated structure can be triggered by a malformed file. This memory safety defect may lead to information disclosure or arbitrary code execution within the process context. The attack requires local access and user interaction to open the malicious file, but no privileges are required. The vulnerability affects all versions prior to V2406.

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor fix: Update Simcenter Femap to V2406 or a later version
  • Implement user awareness training to avoid opening untrusted IGS files from unknown sources
  • Consider application whitelisting or sandboxing for engineering workstations processing CAD files
  • Review and restrict file import permissions for non-administrative users
  • Monitor for anomalous process behavior following IGS file operations
  • Validate IGS files through automated scanning before processing in production environments
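
One way to implement the automated pre-processing check from the last item, as an added example (not Siemens or PatchSiren code): a structural gate for fixed-format ASCII IGES files that rejects records whose declared counts and pointers do not match the file. The advisory does not say which field triggers CVE-2024-32061, so this is a general consistency check and not a detector for that flaw; `check_iges`, `num` and `sample` are hypothetical names and the sample file is constructed.

```python
SECTIONS = "SGDPT"  # required section order; the letter sits in column 73

def num(field):
    """Right-justified integer field, or None if it is not a plain number."""
    return int(field) if field.strip().isdecimal() else None

def check_iges(text):
    """Return a list of structural problems (empty list = consistent)."""
    problems, counts, last = [], dict.fromkeys(SECTIONS, 0), 0
    de_ptr, de_len, term = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        if len(line) != 80 or line[72] not in SECTIONS:
            return [f"line {n}: not an 80-column record with a section letter"]
        sec = line[72]
        if SECTIONS.index(sec) < last:
            problems.append(f"line {n}: section {sec} out of order")
        last = max(last, SECTIONS.index(sec))
        counts[sec] += 1
        if num(line[73:80]) != counts[sec]:
            problems.append(f"line {n}: bad sequence number")
        if sec == "D" and counts["D"] % 2:    # first line of a directory entry
            de_ptr.append(num(line[8:16]))     # field 2: parameter data pointer
        elif sec == "D":                       # second line of the entry
            de_len.append(num(line[24:32]))    # field 14: parameter line count
        elif sec == "T":
            term = line
    if counts["T"] != 1:
        return problems + ["terminate section missing or repeated"]
    for i, s in enumerate("SGDP"):             # T record: S0000001G0000001...
        field = term[8 * i: 8 * i + 8]
        if field[0] != s or num(field[1:]) != counts[s]:
            problems.append(f"terminate record disagrees with {s} line count")
    if len(de_ptr) != len(de_len):
        problems.append("directory section has an odd number of lines")
    for k, (ptr, cnt) in enumerate(zip(de_ptr, de_len), 1):
        ok = None not in (ptr, cnt) and ptr >= 1 and cnt >= 1
        if not ok or ptr + cnt - 1 > counts["P"]:
            problems.append(f"directory entry {k}: parameter data outside P section")
    return problems

def sample(ptr=1):
    """Constructed one-entity file; ptr is the directory entry's PD pointer."""
    rec = lambda data, sec, seq: f"{data:<72}{sec}{seq:7d}"
    d1 = "".join(f"{v:>8}" for v in (116, ptr, 0, 0, 0, 0, 0, 0, 0))
    d2 = "".join(f"{v:>8}" for v in (116, 0, 0, 1, 0, "", "", "", 0))
    return "\n".join([rec("constructed sample", "S", 1), rec("1H,,1H;;", "G", 1),
                      rec(d1, "D", 1), rec(d2, "D", 2),
                      rec(f"{'116,0.,0.,0.;':<64} {1:>7}", "P", 1),
                      rec("S0000001G0000001D0000002P0000001", "T", 1)])
```

Files that fail the check can be quarantined before they reach an engineering workstation; a file that passes is only structurally consistent and still needs to be opened in a patched Femap.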

Evidence notes

The vulnerability description and CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) are sourced from the CISA CSAF advisory ICSA-24-193-04, which references Siemens Security Advisory SSA-064222. The ZDI-CAN-21566 identifier indicates coordinated disclosure through the Zero Day Initiative.

Official resources

2024-07-09