{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40745", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2025-04-16T08:39:30.030Z", "datePublished": "2026-04-14T08:40:38.637Z", "dateUpdated": "2026-04-14T13:38:29.751Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:38.637Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks."}], "affected": [{"vendor": "Siemens", "product": "Siemens Software Center", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.5.8.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter 3D", "versions": [{"status": "affected", "version": "0", "lessThan": "V2506.6000", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter Femap", "versions": [{"status": "affected", "version": "0", "lessThan": "V2506.0002", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter STAR-CCM+", "versions": [{"status": "affected", "version": "0", "lessThan": "V2602", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Solid Edge SE2025", "versions": [{"status": "affected", "version": "0", "lessThan": "V225.0 Update 13", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Solid Edge SE2026", "versions": [{"status": "affected", "version": "0", "lessThan": "V226.0 Update 04", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Tecnomatix Plant Simulation", "versions": [{"status": "affected", "version": "0", "lessThan": "V2504.0008", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-981622.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T13:37:06.968025Z", "id": "CVE-2025-40745", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:38:29.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-40745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T13:37:06.968025Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:38:03.182Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "Siemens Software Center", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.5.8.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter 3D", "versions": [{"status": "affected", "version": "0", "lessThan": "V2506.6000", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter Femap", "versions": [{"status": "affected", "version": "0", "lessThan": "V2506.0002", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Simcenter STAR-CCM+", "versions": [{"status": "affected", "version": "0", "lessThan": "V2602", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Solid Edge SE2025", "versions": [{"status": "affected", "version": "0", "lessThan": "V225.0 Update 13", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Solid Edge SE2026", "versions": [{"status": "affected", "version": "0", "lessThan": "V226.0 Update 04", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Tecnomatix Plant Simulation", "versions": [{"status": "affected", "version": "0", "lessThan": "V2504.0008", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-981622.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-04-14T08:40:38.637Z"}}}, "cveMetadata": {"cveId": "CVE-2025-40745", "state": "PUBLISHED", "dateUpdated": "2026-04-14T13:38:29.751Z", "dateReserved": "2025-04-16T08:39:30.030Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2026-04-14T08:40:38.637Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks."}], "id": "CVE-2025-40745", "lastModified": "2026-04-14T09:16:34.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2026-04-14T09:16:34.683", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-981622.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "productcert@siemens.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2506.6000)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Simcenter 3D", "source": "cna", "vendor": "Siemens"}, "product": "simcenter_3d", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2506.0002)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Simcenter Femap", "source": "cna", "vendor": "Siemens"}, "product": "simcenter_femap", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2602)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Simcenter STAR-CCM+", "source": "cna", "vendor": "Siemens"}, "product": "simcenter_star-ccm\\+", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V3.5.8.2)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "matching", "scores": [{"score": 85.0, "source": "matching"}]}, "original": {"product": "Siemens Software Center", "source": "cna", "vendor": "Siemens"}, "product": "software_center", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V225.0 Update 13)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Solid Edge SE2025", "source": "cna", "vendor": "Siemens"}, "product": "solid_edge_se2025", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V226.0 Update 04)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Solid Edge SE2026", "source": "cna", "vendor": "Siemens"}, "product": "solid_edge_se2026", "vendor": "siemens"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2504.0008)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Tecnomatix Plant Simulation", "source": "cna", "vendor": "Siemens"}, "product": "tecnomatix_plant_simulation", "vendor": "siemens"}], "analysis": {"en": {"generated_at": "2026-04-14T10:21:59.898175+00:00", "value": {"mitigation_remediation": ["Update Siemens Software Center to version\u00a0V3.5.8.2 or newer", "Update Simcenter\u202f3D to version\u00a0V2506.6000 or newer", "Update Simcenter\u202fFemap to version\u00a0V2506.0002 or newer", "Update Simcenter\u202fSTAR\u2011CCM+ to version\u00a0V2602 or newer", "Update Solid\u202fEdge\u202fSE2025 to version\u00a0V225.0\u00a0Update\u00a013 or newer", "Update Solid\u202fEdge\u202fSE2026 to version\u00a0V226.0\u00a0Update\u00a004 or newer", "Update Tecnomatix\u00a0Plant\u00a0Simulation to version\u00a0V2504.0008 or newer"], "summary": {"action": "Patch", "impact": "Man\u2011in\u2011the\u2011middle via client\u2011certificate validation flaw"}, "threat_synthesis": {"affected_systems": "Siemens Software Center (all versions earlier than V3.5.8.2), Simcenter\u202f3D (all versions earlier than V2506.6000), Simcenter\u202fFemap (all versions earlier than V2506.0002), Simcenter\u202fSTAR\u2011CCM+ (all versions earlier than V2602), Solid\u202fEdge\u202fSE2025 (all versions earlier than V225.0\u00a0Update\u00a013), Solid\u202fEdge\u202fSE2026 (all versions earlier than V226.0\u00a0Update\u00a004), and Tecnomatix\u00a0Plant\u00a0Simulation (all versions earlier than V2504.0008).", "description_and_impact": "Affected Siemens Software Center and related products do not properly validate client certificates when connecting to the Analytics Service endpoint. This certificate or key management flaw (CWE\u2011295) allows an unauthenticated remote attacker to intercept or tamper with traffic, compromising confidentiality and integrity of transmitted data.", "risk_and_exploitability": "The CVSS score of 6.3 indicates moderate severity, and the lack of an EPSS score makes the exact likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog. Because no authentication is required, the most plausible attack vector involves a remote attacker exploiting the Analytics Service endpoint over the network, permitting session hijacking or data manipulation."}}}}, "created": "2026-04-14T16:15:44.774926+00:00", "title": "Improper Client\u2011Certificate Validation Enables Man\u2011in\u2011the\u2011Middle Attacks in Siemens Software Products", "updated": "2026-04-14T16:30:41.689819+00:00", "vendors": ["siemens", "siemens$PRODUCT$simcenter_3d", "siemens$PRODUCT$simcenter_femap", "siemens$PRODUCT$simcenter_star-ccm\\+", "siemens$PRODUCT$software_center", "siemens$PRODUCT$solid_edge_se2025", "siemens$PRODUCT$solid_edge_se2026", "siemens$PRODUCT$tecnomatix_plant_simulation"]}