Solid Edge Se2025
Monthly
Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.
Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.