CVE-2025-40745
Published: Apr 14, 2026
Modified: Apr 14, 2026
CVSS v3.1
3.7
Description
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
| Vendor | Product | Versions |
|---|---|---|
Siemens | Siemens Software Center | affected 0 - < V3.5.8.2 |
Siemens | Simcenter 3D | affected 0 - < V2506.6000 |
Siemens | Simcenter Femap | affected 0 - < V2506.0002 |
Siemens | Simcenter STAR-CCM+ | affected 0 - < V2602 |
Siemens | Solid Edge SE2025 | affected 0 - < V225.0 Update 13 |
Siemens | Solid Edge SE2026 | affected 0 - < V226.0 Update 04 |
Siemens | Tecnomatix Plant Simulation | affected 0 - < V2504.0008 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now