CVE-2025-40745

LOW

Siemens Software Center <V3.5.8.2 - Auth Bypass

Title source: llm

Description

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Scores

CVSS v3 3.7

EPSS 0.0002

EPSS Percentile 6.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-295

Status published

Products (7)

Siemens/Siemens Software Center < V3.5.8.2

Siemens/Simcenter 3D < V2506.6000

Siemens/Simcenter Femap < V2506.0002

Siemens/Simcenter STAR-CCM+ < V2602

Siemens/Solid Edge SE2025 < V225.0 Update 13

Siemens/Solid Edge SE2026 < V226.0 Update 04

Siemens/Tecnomatix Plant Simulation < V2504.0008

Published Apr 14, 2026

Tracked Since Apr 14, 2026