Simcenter Femap
CVE-2026-23715
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
AnalysisAI
Arbitrary code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds write flaw triggered by parsing malicious XDB files. Local attackers with user interaction can exploit this vulnerability to execute arbitrary code with the privileges of the affected application. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | User must open a malicious XDB file in Simcenter Femap or Simcenter Nastran versions before V2512. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker could exploit this vulnerability to execute code in the context of the current process. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running Simcenter Femap and Nastran versions below V2512 and restrict file sharing/import capabilities where feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Simcenter Femap
View allThe affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This cou
Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Soli
Code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds read flaw triggered
Heap-based buffer overflow in Simcenter Femap and Nastran versions prior to V2512 allows local attackers to achieve arbi
Out-of-bounds read in Simcenter Femap and Nastran versions prior to V2512 during NDB file parsing enables local code exe
Simcenter Femap and Nastran versions prior to 2512 are vulnerable to out-of-bounds memory reads when processing maliciou
Arbitrary code execution in Simcenter Femap and Nastran versions prior to 2512 results from an out-of-bounds read when p
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All ver
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All ver
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All ver
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today