CVE-2025-40745

| EUVD-2025-209431 MEDIUM
2026-04-14 siemens GHSA-vv4w-99g8-93pp
Information Disclosure Siemens
6.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Apr 14, 2026 - 09:22 NVD
LOW MEDIUM
CVSS Changed
Apr 14, 2026 - 09:22 NVD
3.7 (LOW) 6.3 (MEDIUM)
Analysis Generated
Apr 14, 2026 - 09:11 vuln.today

DescriptionNVD

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

AnalysisAI

Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.

Technical ContextAI

The vulnerability stems from inadequate X.509 certificate validation during TLS handshakes with the Analytics Service endpoint (CWE-295: Improper Certificate Validation). Affected Siemens applications fail to properly verify the authenticity of the server's certificate, enabling a network-adjacent attacker to present a forged certificate and establish a trusted-appearing connection. The Analytics Service is a backend component used for telemetry and product analytics across multiple Siemens engineering suites (CAD, simulation, manufacturing software). Without proper certificate chain and hostname verification, these applications accept connections from attackers controlling network infrastructure (routers, proxies, DNS) or positioned via ARP spoofing, allowing passive eavesdropping on encrypted channels that should be protected.

RemediationAI

Upgrade to the following patched versions: Siemens Software Center V3.5.8.2 or later, Simcenter 3D V2506.6000 or later, Simcenter Femap V2506.0002 or later, Simcenter STAR-CCM+ V2602 or later, Solid Edge SE2025 V225.0 Update 13 or later, Solid Edge SE2026 V226.0 Update 04 or later, and Tecnomatix Plant Simulation V2504.0008 or later. As an interim mitigation, isolate affected applications on networks with strict egress controls and monitor outbound connections to Analytics Service endpoints. Organizations should verify that network security controls (firewalls, proxies, or VPNs) enforce certificate pinning or trusted CA validation before permitting connections to Siemens backend services. Consult the Siemens product security advisory at https://cert-portal.siemens.com/productcert/html/ssa-981622.html for product-specific deployment guidance.

Share

CVE-2025-40745 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy