What is CVE-2021-46152?

CVE-2021-46152 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap.

How can this vulnerability be exploited?

This vulnerability can be exploited when the target visits a malicious page or opens a malicious file.

What is the severity of CVE-2021-46152?

The severity of CVE-2021-46152 is rated as high with a CVSS score of 7.8.

Which versions of Siemens Simcenter Femap are affected by this vulnerability?

Siemens Simcenter Femap versions 2020.2, 2020.2-maintenance_pack1, 2020.2-maintenance_pack2, 2020.2-maintenance_pack3, 2021.1, 2021.1-maintenance_pack1, 2021.1-maintenance_pack2, and 2021.1-maintenance_pack3 are affected by this vulnerability.

How can I fix CVE-2021-46152?

It is recommended to apply the necessary updates provided by Siemens to mitigate this vulnerability.

Vulnerability/
CVE-2021-46152

high

7.8

CWE

843

9/2/2022

4/8/2024

CVE-2021-46152: Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

First published: Wed Feb 09 2022(Updated: )

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Simcenter Femap	=2020.2
Siemens Simcenter Femap	=2020.2-maintenance_pack1
Siemens Simcenter Femap	=2020.2-maintenance_pack2
Siemens Simcenter Femap	=2020.2-maintenance_pack3
Siemens Simcenter Femap	=2021.1
Siemens Simcenter Femap	=2021.1-maintenance_pack1
Siemens Simcenter Femap	=2021.1-maintenance_pack2
Siemens Simcenter Femap	=2021.1-maintenance_pack3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-46152?
CVE-2021-46152 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap.
How can this vulnerability be exploited?
This vulnerability can be exploited when the target visits a malicious page or opens a malicious file.
What is the severity of CVE-2021-46152?
The severity of CVE-2021-46152 is rated as high with a CVSS score of 7.8.
Which versions of Siemens Simcenter Femap are affected by this vulnerability?
Siemens Simcenter Femap versions 2020.2, 2020.2-maintenance_pack1, 2020.2-maintenance_pack2, 2020.2-maintenance_pack3, 2021.1, 2021.1-maintenance_pack1, 2021.1-maintenance_pack2, and 2021.1-maintenance_pack3 are affected by this vulnerability.
How can I fix CVE-2021-46152?
It is recommended to apply the necessary updates provided by Siemens to mitigate this vulnerability.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/title
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-22-296
alias/ZDI-CAN-15183
alias/CVE-2021-46152
agent/software-canonical-lookup
alias/ZDI-22-293
alias/ZDI-CAN-14643
alias/ZDI-22-295
alias/ZDI-CAN-14755
alias/ZDI-22-294
alias/ZDI-CAN-14644
vendor/siemens
canonical/siemens simcenter femap
version/siemens simcenter femap/2020.2
version/siemens simcenter femap/2020.2-maintenance_pack1
version/siemens simcenter femap/2020.2-maintenance_pack2
version/siemens simcenter femap/2020.2-maintenance_pack3
version/siemens simcenter femap/2021.1
version/siemens simcenter femap/2021.1-maintenance_pack1
version/siemens simcenter femap/2021.1-maintenance_pack2
version/siemens simcenter femap/2021.1-maintenance_pack3