CVE-2025-40745Improper Certificate Validation in Siemens Software Center

CWE-295Improper Certificate ValidationCWE-190Integer Overflow or Wraparound4 documents4 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 95.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Siemens Software CenterSiemens Simcenter 3DSiemens Simcenter Femap+4 more
Timeline
PublishedApr 14

Description

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This co

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages7 packages

CVEListV5siemens/simcenter_femap< V2506.0002
CVEListV5siemens/solid_edge_se2025< V225.0 Update 13
CVEListV5siemens/solid_edge_se2026< V226.0 Update 04
CVEListV5siemens/simcenter_star-ccm< V2602
CVEListV5siemens/simcenter_3d< V2506.6000

🔴Vulnerability Details

2
CVEList
CVE-2025-40745: A vulnerability has been identified in Siemens Software Center (All versions < V32026-04-14
GHSA
GHSA-vv4w-99g8-93pp: A vulnerability has been identified in Siemens Software Center (All versions < V32026-04-14

📋Vendor Advisories

1
Microsoft
Libtiff: integer overflow in tiffcp.c2023-10-10
CVE-2025-40745 — Improper Certificate Validation | cvebase