CVE-2025-40945 PUBLISHED

Assigner: siemens
Reserved: 16.04.2025 Published: 14.07.2026 Updated: 14.07.2026

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor Siemens
Product COMOS V10.4.5
Versions Default: unknown
  • affected from 0 to V10.4.5.0.2 (excl.)
Vendor Siemens
Product COMOS V10.6
Versions Default: unknown
  • affected from 0 to V10.6.1 (excl.)
Vendor Siemens
Product Designcenter NX
Versions Default: unknown
  • affected from 0 to V2512.7000 (excl.)
Vendor Siemens
Product Simcenter 3D
Versions Default: unknown
  • affected from 0 to V2512.7000 (excl.)
Vendor Siemens
Product Simcenter Femap V2506
Versions Default: unknown
  • affected from 0 to V2506.0003 (excl.)
Vendor Siemens
Product Simcenter Femap V2512
Versions Default: unknown
  • affected from 0 to V2512.0002 (excl.)
Vendor Siemens
Product Simcenter Nastran
Versions Default: unknown
  • affected from 0 to V2606 (excl.)
Vendor Siemens
Product Simcenter STAR-CCM+
Versions Default: unknown
  • affected from 0 to V2606 (excl.)
Vendor Siemens
Product Solid Edge SE2025
Versions Default: unknown
  • affected from 0 to V225.0 Update 13 (excl.)
Vendor Siemens
Product Solid Edge SE2026
Versions Default: unknown
  • affected from 0 to V226.0 Update 04 (excl.)
Vendor Siemens
Product Teamcenter Visualization V2412
Versions Default: unknown
  • affected from 0 to V2412.0012 (excl.)
Vendor Siemens
Product Teamcenter Visualization V2506
Versions Default: unknown
  • affected from 0 to V2506.0009 (excl.)
Vendor Siemens
Product Teamcenter Visualization V2512
Versions Default: unknown
  • affected from 0 to V2512.2605 (excl.)
Vendor Siemens
Product Tecnomatix Plant Simulation V2404
Versions Default: unknown
  • affected from 0 to V2404.0022 (excl.)
Vendor Siemens
Product Tecnomatix Plant Simulation V2504
Versions Default: unknown
  • affected from 0 to V2504.0010 (excl.)
Vendor Siemens
Product Tecnomatix Process Simulate
Versions Default: unknown
  • affected from 0 to V2606 (excl.)

References

Problem Types

  • CWE-426: Untrusted Search Path CWE