CVE-2025-40745

April 14, 2026, 9:16 a.m.

6.3
Medium

Description

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Product(s) Impacted

Vendor Product Versions
Siemens
  • Siemens Software Center
  • Simcenter 3d
  • Simcenter Femap
  • Simcenter Star-ccm+
  • Solid Edge Se2025
  • Solid Edge Se2026
  • Tecnomatix Plant Simulation
  • <3.5.8.2
  • <V2506.6000
  • <V2506.0002
  • <V2602
  • <V225.0_update_13
  • <V226.0_update_04
  • <V2504.0008

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a siemens siemens_software_center <3.5.8.2 / / / / / / /
a siemens simcenter_3d <V2506.6000 / / / / / / /
a siemens simcenter_femap <V2506.0002 / / / / / / /
a siemens simcenter_star-ccm+ <V2602 / / / / / / /
a siemens solid_edge_se2025 <V225.0_update_13 / / / / / / /
a siemens solid_edge_se2026 <V226.0_update_04 / / / / / / /
a siemens tecnomatix_plant_simulation <V2504.0008 / / / / / / /

References

https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Tags

CWE-295
[email protected]
2026-04-14
CVE-2025-40745

CVSS Score

6.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: PRESENT
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: April 14, 2026, 9:16 a.m.
Last Modified: April 14, 2026, 9:16 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.