CVE-2025-40745
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
A vulnerability in Siemens products allows an unauthenticated remote attacker to perform man-in-the-middle attacks due to improper validation of client certificates when connecting to the Analytics Service endpoint.
Risk Assessment
An attacker could intercept and modify communication between the application and the analytics server, leading to sensitive data leakage or integrity compromise of transmitted information.
Recommendation
Immediately update all affected products to the patched versions and implement mutual TLS authentication mechanisms.
Original NVD description (English source)
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

