CVE-2025-40745

LOW(3.7)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Risk Signal Score9/100 — NIEDRIG

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

3.7

Technische Schwere

Beschreibung

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Referenzen

https://cert-portal.siemens.com/productcert/html/ssa-981622.html