Simcenter Femap
CVE-2026-23720
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
AnalysisAI
Code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds read flaw triggered when parsing malicious NDB files. A local attacker with user interaction can exploit this vulnerability to execute arbitrary code with the privileges of the affected application. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | User interaction required: victim must open a specially crafted NDB (Nastran Database) file in Simcenter Femap or Simcenter Nastran versions earlier than V2512. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker could exploit this vulnerability to execute code in the context of the current process. |
| Remediation | Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running Simcenter Femap or Nastran versions prior to V2512 and restrict file import capabilities where possible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Simcenter Femap
View allThe affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This cou
Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Soli
Arbitrary code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds write flaw
Heap-based buffer overflow in Simcenter Femap and Nastran versions prior to V2512 allows local attackers to achieve arbi
Out-of-bounds read in Simcenter Femap and Nastran versions prior to V2512 during NDB file parsing enables local code exe
Simcenter Femap and Nastran versions prior to 2512 are vulnerable to out-of-bounds memory reads when processing maliciou
Arbitrary code execution in Simcenter Femap and Nastran versions prior to 2512 results from an out-of-bounds read when p
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All ver
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All ver
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All ver
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today