Description
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
Published: 2026-04-14
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Man‑in‑the‑middle via client‑certificate validation flaw
Action: Patch
AI Analysis

Impact

Affected Siemens Software Center and related products do not properly validate client certificates when connecting to the Analytics Service endpoint. This improper certificate validation flaw (CWE‑295) allows an unauthenticated remote attacker to intercept or tamper with traffic, compromising confidentiality and integrity of transmitted data.

Affected Systems

Siemens Software Center (all versions earlier than V3.5.8.2), Simcenter 3D (all versions earlier than V2506.6000), Simcenter Femap (all versions earlier than V2506.0002), Simcenter STAR‑CCM+ (all versions earlier than V2602), Solid Edge SE2025 (all versions earlier than V225.0 Update 13), Solid Edge SE2026 (all versions earlier than V226.0 Update 04), and Tecnomatix Plant Simulation (all versions earlier than V2504.0008).

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, and the lack of an EPSS score makes the exact likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog. Because no authentication is required, the most plausible attack vector involves a remote attacker exploiting the Analytics Service endpoint over the network, permitting session hijacking or data manipulation.

Generated by OpenCVE AI on April 14, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Siemens Software Center to version V3.5.8.2 or newer
  • Update Simcenter 3D to version V2506.6000 or newer
  • Update Simcenter Femap to version V2506.0002 or newer
  • Update Simcenter STAR‑CCM+ to version V2602 or newer
  • Update Solid Edge SE2025 to version V225.0 Update 13 or newer
  • Update Solid Edge SE2026 to version V226.0 Update 04 or newer
  • Update Tecnomatix Plant Simulation to version V2504.0008 or newer

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Improper Client‑Certificate Validation Enables Man‑in‑the‑Middle Attacks in Siemens Software Products |

Tue, 14 Apr 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Siemens; Siemens simcenter 3d; Siemens simcenter Femap; Siemens simcenter Star-ccm+; Siemens software Center; Siemens solid Edge Se2025; Siemens solid Edge Se2026; Siemens tecnomatix Plant Simulation |
| Vendors & Products | | Siemens; Siemens simcenter 3d; Siemens simcenter Femap; Siemens simcenter Star-ccm+; Siemens software Center; Siemens solid Edge Se2025; Siemens solid Edge Se2026; Siemens tecnomatix Plant Simulation |

Tue, 14 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 14 Apr 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. |
| Weaknesses | | CWE-295 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}; cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-04-14T13:38:29.751Z

Reserved: 2025-04-16T08:39:30.030Z

Link: CVE-2025-40745

Vulnrichment

Updated: 2026-04-14T13:38:03.182Z

NVD

Status: Awaiting Analysis

Published: 2026-04-14T09:16:34.683

Modified: 2026-04-17T15:18:16.507

Link: CVE-2025-40745

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:30:41Z

Weaknesses