ID

VAR-202604-1914


CVE

CVE-2025-40745


TITLE

Siemens' Simcenter 3d Vulnerabilities related to certificate validation in multiple products, including

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650

DESCRIPTION

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Man-in-the-Middle They may carry out an attack.- Some of the information handled by the software may be leaked to external parties. - No rewriting will occur to the information handled by the software. - The software will not stop

Trust: 1.62

sources: NVD: CVE-2025-40745 // JVNDB: JVNDB-2026-021650

AFFECTED PRODUCTS

vendor:siemensmodel:solid edge se2025scope:eqversion:225.0

Trust: 1.0

vendor:siemensmodel:simcenter femapscope:ltversion:2506.6000

Trust: 1.0

vendor:siemensmodel:solid edge se2026scope:ltversion:226.0

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2504.0008

Trust: 1.0

vendor:siemensmodel:solid edge se2026scope:eqversion:226.0

Trust: 1.0

vendor:siemensmodel:simcenter star-ccm\+ viewerscope:ltversion:2602

Trust: 1.0

vendor:siemensmodel:simcenter 3dscope:ltversion:2506.6000

Trust: 1.0

vendor:siemensmodel:software centerscope:ltversion:3.5.8.2

Trust: 1.0

vendor:siemensmodel:solid edge se2025scope:ltversion:225.0

Trust: 1.0

vendor:シーメンスmodel:simcenter 3dscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:solid edge se2025scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:software centerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:solid edge se2026scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simcenter femapscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simcenter star-ccm+ viewerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650 // NVD: CVE-2025-40745

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40745
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-021650
value: LOW

Trust: 0.8

productcert@siemens.com: CVE-2025-40745
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-021650
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650 // NVD: CVE-2025-40745

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.0

problemtype:Illegal certificate verification (CWE-295) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650 // NVD: CVE-2025-40745

PATCH

title:SSA-981622url:https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650

EXTERNAL IDS

db:NVDid:CVE-2025-40745

Trust: 2.6

db:SIEMENSid:SSA-981622

Trust: 1.0

db:JVNDBid:JVNDB-2026-021650

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650 // NVD: CVE-2025-40745

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-40745

Trust: 0.8

sources: JVNDB: JVNDB-2026-021650 // NVD: CVE-2025-40745

SOURCES

db:JVNDBid:JVNDB-2026-021650
db:NVDid:CVE-2025-40745

LAST UPDATE DATE

2026-07-04T23:17:25.770000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-021650date:2026-06-30T02:25:00
db:NVDid:CVE-2025-40745date:2026-06-29T14:03:06.570

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-021650date:2026-06-30T00:00:00
db:NVDid:CVE-2025-40745date:2026-04-14T09:16:34.683