Siemens Simcenter Femap and Nastran Vulnerable to File Parsing Exploits (ICSA-26-048-01)
CISA warns of multiple file parsing vulnerabilities in Siemens Simcenter Femap and Nastran, enabling remote code execution via malicious NDB/XDB files. Patch now.
Siemens Simcenter Femap and Nastran Affected by Critical File Parsing Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory (ICSA-26-048-01) warning of multiple file parsing vulnerabilities in Siemens Simcenter Femap and Simcenter Nastran, engineering simulation software widely used in industrial and aerospace sectors. These flaws could allow remote code execution (RCE) if a user is tricked into opening a specially crafted file in NDB or XDB formats.
Technical Details
The vulnerabilities stem from improper input validation during file parsing operations. When exploited, malicious NDB (Nastran Database) or XDB (External Database) files could trigger memory corruption, leading to arbitrary code execution in the context of the affected application. Siemens has not yet disclosed specific CVE IDs for these flaws, but the advisory indicates they are being tracked under the broader ICSA-26-048-01 designation.
Key affected versions include:
- Simcenter Femap (all versions prior to V2024.1)
- Simcenter Nastran (all versions prior to V2024.1)
Impact Analysis
Successful exploitation requires user interaction (e.g., opening a malicious file via phishing or compromised supply chains). However, given the software’s use in critical infrastructure—such as aerospace, automotive, and defense—these flaws pose a high risk for:
- Remote code execution with application privileges
- Data exfiltration or sabotage of engineering simulations
- Lateral movement within OT/IT networks if combined with other exploits
Mitigation and Recommendations
Siemens has released patches for both products. Organizations should:
- Upgrade immediately to Simcenter Femap/Nastran V2024.1 or later.
- Restrict file access to trusted sources only, particularly for NDB/XDB formats.
- Train users to recognize phishing attempts targeting engineering workflows.
- Monitor systems for unusual file execution or memory corruption events.
For full technical details, refer to the CISA advisory or the CSAF JSON file.
This advisory underscores the growing threat to specialized engineering software, which is increasingly targeted by advanced persistent threats (APTs).