SSA-870926: Datakit and Parasolid Vulnerabilities in Simcenter Femap

HIGH

CVSS 7.8

Date 2026-06-09T00:00:00+00:00

Source siemens-productcert

Published by Siemens ProductCERT

// Description

Simcenter Femap is affected by file parsing vulnerabilities in Datakit library and Parasolid Translator Component that could be triggered when the application reads files in IPT or IGS format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released a new version for Simcenter Femap and recommends to update to the latest version.

// Vulnerabilities (2)

CVE ID	CVSS Score	Severity	Description
CVE-2025-12659	7.8	high	CVE-2025-12659. The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)
CVE-2025-40936	7.8	high	CVE-2025-40936. The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)

// Remediations (3)

Patch: Update to V2512.0003 or later version

Update to V2512.0003 or later version

Patch: Update to V2512.0003 or later version

Update to V2512.0003 or later version

Patch: Update to V226.00 Update 03 or later version

Update to V226.00 Update 03 or later version

// References

Siemens ProductCERT SSA-870926
Siemens ProductCERT https://cert-portal.siemens.com/productcert/html/ssa-870926.html
Siemens ProductCERT https://cert-portal.siemens.com/productcert/csaf/ssa-870926.json