Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (siemens) · only source for this CVE.
CVSS VectorVendor: siemens
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
AnalysisAI
Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.
Technical ContextAI
The vulnerability stems from inadequate X.509 certificate validation during TLS handshakes with the Analytics Service endpoint (CWE-295: Improper Certificate Validation). Affected Siemens applications fail to properly verify the authenticity of the server's certificate, enabling a network-adjacent attacker to present a forged certificate and establish a trusted-appearing connection. The Analytics Service is a backend component used for telemetry and product analytics across multiple Siemens engineering suites (CAD, simulation, manufacturing software). Without proper certificate chain and hostname verification, these applications accept connections from attackers controlling network infrastructure (routers, proxies, DNS) or positioned via ARP spoofing, allowing passive eavesdropping on encrypted channels that should be protected.
RemediationAI
Upgrade to the following patched versions: Siemens Software Center V3.5.8.2 or later, Simcenter 3D V2506.6000 or later, Simcenter Femap V2506.0002 or later, Simcenter STAR-CCM+ V2602 or later, Solid Edge SE2025 V225.0 Update 13 or later, Solid Edge SE2026 V226.0 Update 04 or later, and Tecnomatix Plant Simulation V2504.0008 or later. As an interim mitigation, isolate affected applications on networks with strict egress controls and monitor outbound connections to Analytics Service endpoints. Organizations should verify that network security controls (firewalls, proxies, or VPNs) enforce certificate pinning or trusted CA validation before permitting connections to Siemens backend services. Consult the Siemens product security advisory at https://cert-portal.siemens.com/productcert/html/ssa-981622.html for product-specific deployment guidance.
More in Simcenter Femap
View allThe affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This cou
Arbitrary code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds write flaw
Code execution in Simcenter Femap and Nastran versions prior to V2512 results from an out-of-bounds read flaw triggered
Heap-based buffer overflow in Simcenter Femap and Nastran versions prior to V2512 allows local attackers to achieve arbi
Out-of-bounds read in Simcenter Femap and Nastran versions prior to V2512 during NDB file parsing enables local code exe
Simcenter Femap and Nastran versions prior to 2512 are vulnerable to out-of-bounds memory reads when processing maliciou
Arbitrary code execution in Simcenter Femap and Nastran versions prior to 2512 results from an out-of-bounds read when p
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All ver
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All ver
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All ver
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209431
GHSA-vv4w-99g8-93pp