Is Simcenter Nastran affected by CVE-2026-23717?

Simcenter Femap and Nastran users face a high-severity vulnerability affecting all versions prior to V2512 that could allow attackers to crash applications or potentially execute code through malicious XDB files.

CVE-2026-23717

Q: How to fix CVE-2026-23717?

Within 24 hours: Identify all instances of Simcenter Femap and Nastran in your environment and restrict file sharing/import capabilities for XDB files from untrusted sources. Within 7 days: Implement network segmentation to isolate engineering workstations and disable remote file access where possible; communicate guidance to users to avoid opening XDB files from external sources. Within 30 days: Monitor Siemens security advisories for patch availability (V2512 or later) and plan an immediate upgrade upon release; test patches in non-production environments before deployment.

HIGH

2026-02-10 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 10:15 nvd

HIGH 7.8

Description

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Analysis

Simcenter Femap and Nastran versions prior to 2512 are vulnerable to out-of-bounds memory reads when processing maliciously crafted XDB files, enabling arbitrary code execution with the privileges of the affected application. Local attackers can exploit this vulnerability through specially designed files to achieve full system compromise. …

Remediation

Within 24 hours: Identify all instances of Simcenter Femap and Nastran in your environment and restrict file sharing/import capabilities for XDB files from untrusted sources. Within 7 days: Implement network segmentation to isolate engineering workstations and disable remote file access where possible; communicate guidance to users to avoid opening XDB files from external sources. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2026-23717 vulnerability details – vuln.today

Back

CVE-2026-23717

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-23717

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code