CVE-2025-40745

EUVD-2025-209431
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
siemenssimcenter_3d
𝑥
< 2506.6000
siemenssimcenter_femap
𝑥
< 2506.6000
siemenssimcenter_star-ccm\+_viewer
𝑥
< 2602
siemenssoftware_center
𝑥
< 3.5.8.2
siemenssolid_edge_se2025
𝑥
< 225.0
siemenssolid_edge_se2025
225.0
siemenssolid_edge_se2025
225.0:update_0001
siemenssolid_edge_se2025
225.0:update_0002
siemenssolid_edge_se2025
225.0:update_0003
siemenssolid_edge_se2025
225.0:update_0004
siemenssolid_edge_se2025
225.0:update_0005
siemenssolid_edge_se2025
225.0:update_0006
siemenssolid_edge_se2025
225.0:update_0007
siemenssolid_edge_se2025
225.0:update_0008
siemenssolid_edge_se2025
225.0:update_0009
siemenssolid_edge_se2025
225.0:update_0010
siemenssolid_edge_se2025
225.0:update_0011
siemenssolid_edge_se2025
225.0:update_0012
siemenssolid_edge_se2026
𝑥
< 226.0
siemenssolid_edge_se2026
226.0
siemenssolid_edge_se2026
226.0:update_1
siemenssolid_edge_se2026
226.0:update_2
siemenssolid_edge_se2026
226.0:update_3
siemenstecnomatix_plant_simulation
𝑥
< 2504.0008
𝑥
= Vulnerable software versions