{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23718", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2026-01-15T14:48:10.775Z", "datePublished": "2026-02-10T09:58:50.583Z", "dateUpdated": "2026-02-10T15:11:43.915Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-02-10T09:58:50.583Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process."}], "affected": [{"vendor": "Siemens", "product": "Simcenter Femap", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter Nastran", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-965753.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T15:10:07.693864Z", "id": "CVE-2026-23718", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:11:43.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T15:10:07.693864Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:10:13.630Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "Simcenter Femap", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter Nastran", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-965753.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-02-10T09:58:50.583Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23718", "state": "PUBLISHED", "dateUpdated": "2026-02-10T15:11:43.915Z", "dateReserved": "2026-01-15T14:48:10.775Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2026-02-10T09:58:50.583Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0DE036D-8721-4DDF-9459-5735606CF324", "versionEndExcluding": "2512.0000", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simcenter_nastran:*:*:*:*:*:*:*:*", "matchCriteriaId": "308A9F5D-48A7-4AEA-B2C9-BAFF947244DB", "versionEndExcluding": "2512.0000", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process."}], "id": "CVE-2026-23718", "lastModified": "2026-02-11T18:24:00.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2026-02-10T10:15:58.740", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-965753.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "productcert@siemens.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2512)"}}], "product": "simcenter_femap", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2512)"}}], "product": "simcenter_nastran", "vendor": "siemens"}], "analysis": {"en": {"generated_at": "2026-04-17T20:49:56.544327+00:00", "value": {"mitigation_remediation": ["Upgrade Siemens Simcenter Femap or Simcenter Nastran to version V2512 or later.", "If an upgrade is not immediately available, limit the application to processing NDB files that come from trusted sources and block or quarantine unknown files before importing them.", "Apply strict file\u2011level access controls so that only authorised users can create or modify NDB files that the application will read.", "If a custom pre\u2011processing tool is used, include bounds checking on NDB file structures to prevent out\u2011of\u2011bounds reads."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Siemens Simcenter Femap (all versions prior to V2512) and Siemens Simcenter Nastran (all versions prior to V2512) are affected. The same vulnerability applies to every version below V2512 in both products.", "description_and_impact": "The vulnerability is an out\u2011of\u2011bounds read that occurs when the application parses specially crafted NDB files. Because the read can be abused to execute code in the context of the running process, an attacker that supplies a malicious NDB file could gain arbitrary code execution privilege on the affected system.", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high severity, but the EPSS score is listed as less than 1%, implying that the likelihood of a widespread exploit is low at present. The vulnerability is not in the CISA KEV catalog. The attack path requires delivery of a crafted NDB file, which then triggers the vulnerable parsing routine. The required conditions do not demand elevated privileges, so a local user who runs the application could be exploited, and if the application processes files from a network share, a remote attacker could deliver the file indirectly. Because the flaw can lead to code execution, the impact is severe, yet the current exploitation probability appears to be low."}}}}, "created": "2026-02-10T12:23:32.649284+00:00", "title": "Out of Bounds Read in Simcenter Femap and Nastran Enabling Code Execution", "updated": "2026-04-17T21:00:12.702845+00:00", "vendors": ["siemens", "siemens$PRODUCT$simcenter_femap", "siemens$PRODUCT$simcenter_nastran"]}