Details of VAR-202405-0216

ID

VAR-202405-0216

CVE

CVE-2024-33577

TITLE

Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-23515

DESCRIPTION

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process. Simcenter Nastran is a finite element method solver. Siemens Simcenter Nastran has a stack buffer overflow vulnerability

Trust: 1.44

sources: NVD: CVE-2024-33577 // CNVD: CNVD-2024-23515

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-23515

AFFECTED PRODUCTS

vendor:	siemens	model:	simcenter nastran	scope:	eq	version:	2306	Trust: 0.6
vendor:	siemens	model:	simcenter nastran	scope:	eq	version:	2312	Trust: 0.6
vendor:	siemens	model:	simcenter nastran	scope:	eq	version:	2406	Trust: 0.6

sources: CNVD: CNVD-2024-23515

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-33577
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-23515
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-23515
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-23515 // NVD: CVE-2024-33577

PROBLEMTYPE DATA

problemtype:

CWE-121

Trust: 1.0

sources: NVD: CVE-2024-33577

PATCH

title:

Patch for Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/547141

Trust: 0.6

sources: CNVD: CNVD-2024-23515

EXTERNAL IDS

db:	NVD	id:	CVE-2024-33577	Trust: 1.6
db:	SIEMENS	id:	SSA-258494	Trust: 1.6
db:	SIEMENS	id:	SSA-064222	Trust: 1.0
db:	CNVD	id:	CNVD-2024-23515	Trust: 0.6

sources: CNVD: CNVD-2024-23515 // NVD: CVE-2024-33577

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-258494.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/html/ssa-064222.html	Trust: 1.0

sources: CNVD: CNVD-2024-23515 // NVD: CVE-2024-33577

SOURCES

db:	CNVD	id:	CNVD-2024-23515
db:	NVD	id:	CVE-2024-33577

LAST UPDATE DATE

2024-07-10T22:42:25.246000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-23515	date:	2024-05-22T00:00:00
db:	NVD	id:	CVE-2024-33577	date:	2024-07-09T12:15:13.437

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-23515	date:	2024-05-24T00:00:00
db:	NVD	id:	CVE-2024-33577	date:	2024-05-14T16:17:20.707