CVE-2025-40745 PUBLISHED

Assigner: siemens
Reserved: 16.04.2025 Published: 14.04.2026 Updated: 14.04.2026

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.3

Product Status

Vendor Siemens
Product Siemens Software Center
Versions Default: unknown
  • affected from 0 to V3.5.8.2 (excl.)
Vendor Siemens
Product Simcenter 3D
Versions Default: unknown
  • affected from 0 to V2506.6000 (excl.)
Vendor Siemens
Product Simcenter Femap
Versions Default: unknown
  • affected from 0 to V2506.0002 (excl.)
Vendor Siemens
Product Simcenter STAR-CCM+
Versions Default: unknown
  • affected from 0 to V2602 (excl.)
Vendor Siemens
Product Solid Edge SE2025
Versions Default: unknown
  • affected from 0 to V225.0 Update 13 (excl.)
Vendor Siemens
Product Solid Edge SE2026
Versions Default: unknown
  • affected from 0 to V226.0 Update 04 (excl.)
Vendor Siemens
Product Tecnomatix Plant Simulation
Versions Default: unknown
  • affected from 0 to V2504.0008 (excl.)

References

Problem Types

  • CWE-295: Improper Certificate Validation CWE