CVE-2025-40745

Summary

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Affected Software

VendorProductVersion RangeStatus
SiemensSiemens Software Center0 < V3.5.8.2affected
SiemensSimcenter 3D0 < V2506.6000affected
SiemensSimcenter Femap0 < V2506.0002affected
SiemensSimcenter STAR-CCM+0 < V2602affected
SiemensSolid Edge SE20250 < V225.0 Update 13affected
SiemensSolid Edge SE20260 < V226.0 Update 04affected
SiemensTecnomatix Plant Simulation0 < V2504.0008affected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References