CVE Catalog

CVE-2025-40745

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A vulnerability in Siemens products allows an unauthenticated remote attacker to perform man-in-the-middle attacks due to improper validation of client certificates when connecting to the Analytics Service endpoint.

Risk Assessment

An attacker could intercept and modify communication between the application and the analytics server, leading to sensitive data leakage or integrity compromise of transmitted information.

Recommendation

Immediately update all affected products to the patched versions and implement mutual TLS authentication mechanisms.

Original NVD description (English source)

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS