Siemens Software Center and Simcenter Products Allow Man-in-the-Middle Attacks

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.3

Siemens Software Center and Simcenter Products Allow Man-in-the-Middle Attacks

CVE-2025-40745

Summary

Siemens' software center and certain engineering tools, including Simcenter 3D and Femap, are at risk of being exploited by hackers who can intercept sensitive communications. This could allow unauthorized access to sensitive data. To protect your system, update to the latest version of these software products as soon as possible, or apply the relevant patch if available.

Original title

Original description

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

nvd CVSS3.1 3.7

nvd CVSS4.0 6.3

Vulnerability type

CWE-295 Improper Certificate Validation

https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026