CVE-2025-40745

MEDIUM EPSS 3.5%

Published Apr 14, 20262mo ago · Modified Jun 29, 2026today

6.3 CVSS 4.0

Medium

Published Apr 14, 2026 2mo ago

Last Modified Jun 29, 2026 today

Description

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

CVSS Details

Base Score

6.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

3.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-295

Affected Products 24

Vendor	Product	Version	Range
siemens	simcenter_3d	*	<2506.6000
siemens	simcenter_femap	*	<2506.6000
siemens	simcenter_star-ccm\+_viewer	*	<2602
siemens	software_center	*	<3.5.8.2
siemens	solid_edge_se2025	*	<225.0
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2025	225.0	any
siemens	solid_edge_se2026	*	<226.0
siemens	solid_edge_se2026	226.0	any
siemens	solid_edge_se2026	226.0	any
siemens	solid_edge_se2026	226.0	any
siemens	solid_edge_se2026	226.0	any
siemens	tecnomatix_plant_simulation	*	<2504.0008

References 1

cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-981622.html

MitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.