Siemens Simcenter Nastran Memory Errors Vulnerability Advisory (CVE-2024-41981, CVE-2024-47046)

Key Information Vulnerability Description Vulnerability ID: SSA-852501 Affected Product: Simcenter Nastran Before 2406.5000 Vulnerability Type: Multiple memory errors Trigger Condition: When the application reads BDF file format Potential Impact: Application crash or arbitrary code execution Affected Product Versions Simcenter Nastran 2306: All versions Simcenter Nastran 2312: All versions Simcenter Nastran 2406: All versions < V2406.5000 Solution Simcenter Nastran 2306 and 2312: No fix available at this time. Refer to the Workarounds and Mitigations section. Simcenter Nastran 2406: Upgrade to V2406.5000 or later. Refer to the Workarounds and Mitigations section. Workarounds and Mitigations CVE-2024-41981, CVE-2024-47046: Do not open untrusted BDF files. General Security Recommendations Protect Network Access: Use appropriate security mechanisms. Configure Environment: Configure the environment according to Siemens’ industrial security operational guidelines. Read Product Manual: Follow recommendations in the product manual. Product Description Simcenter Nastran: Software used for structural analysis and design. Vulnerability Details CVE-2024-41981: Heap overflow, CVSS v3.1 Base Score 7.8, CVSS v4.0 Base Score 7.3. CVE-2024-47046: Memory error, CVSS v3.1 Base Score 7.8, CVSS v4.0 Base Score 7.3. Acknowledgments Michael Heinzl: Coordinated disclosure of the vulnerability. Contact Information Siemens ProductCERT: https://www.siemens.com/cert/advisories Version History V1.0 (2024-10-08): Release date Terms and Use Siemens Security Advisories: Subject to Siemens’ license terms or other applicable agreements previously agreed upon with Siemens. Where applicable, the terms and use terms of Siemens Security Advisory (https://www.siemens.com/terms_of_use) shall apply, particularly Sections 8–10. In case of conflict, license terms shall take precedence over use terms.

Goal Reached Thanks to every supporter — we hit 100%!

Siemens Simcenter Nastran Memory Errors Vulnerability Advisory (CVE-2024-41981, CVE-2024-47046)