7.8
CVE-2025-12659
- EPSS 0.2%
- Veröffentlicht 12.05.2026 12:30:04
- Zuletzt bearbeitet 09.06.2026 10:16:33
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in Siemens Simcenter Femap
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
Simcenter Femap
Default Statusunknown
Version
0
Version <
V2512.0003
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.104 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 7.3 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
https://cert-portal.siemens.com/productcert/html/ssa-870926.html
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-05.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-05