CVE-2025-40762

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692)

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-674084.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:simcenter_femap::::::::
	cpe:2.3:a:siemens:simcenter_femap::::::::

History

No history.

Information

Published : 2025-08-12 12:15

Updated : 2025-08-20 16:20

NVD link : CVE-2025-40762

Mitre link : CVE-2025-40762

CVE.ORG link : CVE-2025-40762

JSON object : View

Products Affected

siemens

simcenter_femap

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-40762", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-12T12:15:37.047", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-674084.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Simcenter Femap V2406 (todas las versiones anteriores a V2406.0003) y Simcenter Femap V2412 (todas las versiones anteriores a V2412.0002). Las aplicaciones afectadas presentan una vulnerabilidad de escritura fuera de los l\u00edmites al analizar un archivo STP especialmente manipulado. Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-26692)"}], "lastModified": "2025-08-20T16:20:50.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B6246AB-93A6-42E8-8400-339F3C3D893C", "versionEndExcluding": "2406.0003", "versionStartIncluding": "2406.0000"}, {"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D3DE6A-FADD-4273-8870-695A23917A3F", "versionEndExcluding": "2412.0002", "versionStartIncluding": "2412.0000"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}