CVE-2026-23716
Out-of-Bounds Read in Simcenter Femap/Nastran Enables Code Execution
Publication date: 2026-02-10
Last updated on: 2026-02-11
Assigner: Siemens AG
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | simcenter_femap | to 2512.0000 (exc) |
| siemens | simcenter_nastran | to 2512.0000 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23716 is an out-of-bounds read vulnerability found in Simcenter Femap and Simcenter Nastran versions prior to V2512. It occurs when these applications parse specially crafted malicious XDB files.
This vulnerability allows an attacker to read memory outside the intended bounds, which can lead to arbitrary code execution within the context of the affected process.
How can this vulnerability impact me?
If exploited, this vulnerability can cause the affected application to crash or allow an attacker to execute arbitrary code with the same privileges as the current process.
This means an attacker could potentially take control of the system running Simcenter Femap or Simcenter Nastran by tricking a user into opening a malicious XDB file.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when a specially crafted malicious XDB file is opened by Simcenter Femap or Simcenter Nastran versions prior to V2512. Detection involves monitoring for the presence or opening of suspicious or untrusted XDB files within these applications.
There are no specific commands or network detection methods provided in the available information to directly detect exploitation attempts or the vulnerability on your system or network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Siemens recommends updating Simcenter Femap and Simcenter Nastran to version V2512 or later, which contain fixes for this and related vulnerabilities.

- Avoid opening untrusted or suspicious XDB files in the affected applications.
- Implement general security measures such as protecting network access to devices running these applications.
- Follow Siemens' operational guidelines for Industrial Security and adhere to product-specific security recommendations. [1]