CVE-2025-40945

Summary

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Software

VendorProductVersion RangeStatus
SiemensCOMOS V10.4.50 < V10.4.5.0.2affected
SiemensCOMOS V10.60 < V10.6.1affected
SiemensDesigncenter NX0 < V2512.7000affected
SiemensSimcenter 3D0 < V2512.7000affected
SiemensSimcenter Femap V25060 < V2506.0003affected
SiemensSimcenter Femap V25120 < V2512.0002affected
SiemensSimcenter Nastran0 < V2606affected
SiemensSimcenter STAR-CCM+0 < V2606affected
SiemensSolid Edge SE20250 < V225.0 Update 13affected
SiemensSolid Edge SE20260 < V226.0 Update 04affected
SiemensTeamcenter Visualization V24120 < V2412.0012affected
SiemensTeamcenter Visualization V25060 < V2506.0009affected
SiemensTeamcenter Visualization V25120 < V2512.2605affected
SiemensTecnomatix Plant Simulation V24040 < V2404.0022affected
SiemensTecnomatix Plant Simulation V25040 < V2504.0010affected
SiemensTecnomatix Process Simulate0 < V2606affected

Weaknesses

  • CWE-426: CWE-426: Untrusted Search Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References