Platform: siemens
Component: siemens-software-center
Fixed in: 3.5.8.2
CVE-2025-40745 is a vulnerability affecting Siemens Software Center and related products such as Simcenter, Solid Edge, and Tecnomatix. The affected software does not adequately validate certificates on the client side when it connects to the Analytics Service endpoint, so an attacker positioned on the network path can interpose on that connection (a man-in-the-middle attack). Affected versions include Siemens Software Center versions before V3.5.8.2, plus the Simcenter, Solid Edge, and Tecnomatix versions detailed in the advisory. Siemens Software Center V3.5.8.2 fixes the issue; V2602 is also listed as a fixed release.
The primary impact of CVE-2025-40745 is exposure to man-in-the-middle (MITM) attacks. An attacker who can intercept traffic between an affected client and the Analytics Service endpoint can present their own certificate, terminate the TLS session, and read or modify everything the client exchanges with the service, putting the confidentiality and integrity of that traffic at risk. The low CVSS score reflects the preconditions, chiefly that the attacker must already hold a position on the network path between the client and the endpoint, not the absence of impact; in environments where sensitive data flows to the Analytics Service the exposure remains significant.
This vulnerability is not currently listed in the CISA KEV catalog, and no public proof-of-concept exploit is known, so the probability of near-term exploitation is low. It was publicly disclosed on 2026-04-14. Because exploitation requires an on-path network position rather than mere reachability of a service, it is unlikely to be exploited at scale, but the fix should still be applied and connections to the Analytics Service monitored.
Exploit Status
EPSS: 0.02% (6th percentile)
The primary mitigation for CVE-2025-40745 is to upgrade. Update Siemens Software Center to V3.5.8.2 or later (V2602 is also listed as fixed), and update Simcenter, Solid Edge, and Tecnomatix to the fixed versions given in the advisory. The fix corrects the certificate validation performed when connecting to the Analytics Service, which removes the man-in-the-middle opportunity. If an immediate upgrade is not feasible, reduce an attacker's chance of getting on-path: segment the network so that clients reach the Analytics Service endpoint only over trusted paths, and restrict which hosts may communicate with it. Watch for signs of interception, such as the endpoint presenting a certificate from an unexpected issuer or TLS sessions to it terminating at an unexpected address. After upgrading, confirm the installed version and, where a test endpoint is available, verify that the client now refuses the connection when an untrusted certificate is presented.
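The bug class behind this CVE, and the post-patch check suggested above, can be illustrated with Python's standard ssl module. This is an added example, not code from this page or from Siemens: vulnerable_context() mirrors a TLS client that skips certificate validation, hardened_context() is what a client talking to something like the Analytics Service should use, and audit_context() flags the settings that make interception possible. The endpoint name and port are placeholders; the real Analytics Service hostname is not given on this page.

```python
import socket
import ssl
from typing import Dict, List, Optional

# Placeholder endpoint (assumption): the real Analytics Service hostname is not on this page.
ANALYTICS_HOST = "analytics.example.invalid"
ANALYTICS_PORT = 443


def vulnerable_context() -> ssl.SSLContext:
    """TLS without peer validation: the bug class behind CVE-2025-40745.

    Traffic is encrypted, but the client accepts any certificate, so an
    on-path attacker can present their own and relay the session.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # the certificate chain is never checked
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that defeats the interposition: require a chain to a
    trusted CA (the system store, or a private CA bundle via cafile), bind the
    certificate to the endpoint name, and refuse legacy TLS versions."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the settings that would let an interposed attacker succeed.

    An empty list means the context validates the server certificate the way
    a fixed client is expected to."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: the server's certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid certificate for any other name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS versions older than 1.2")
    return findings


def fetch_peer_cert(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0) -> Dict:
    """Connect with the given context and return the peer certificate.

    With hardened_context() this raises ssl.SSLCertVerificationError when an
    interposed or misconfigured endpoint presents an untrusted certificate,
    which is the behaviour to confirm after patching. With vulnerable_context()
    the same connection silently succeeds and getpeercert() returns {} because
    nothing was validated.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, ctx in (("vulnerable", vulnerable_context()), ("hardened", hardened_context())):
        findings = audit_context(ctx)
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

To reproduce the post-patch check against a lab endpoint, point fetch_peer_cert() at a test server that presents a self-signed certificate: the hardened context must fail with SSLCertVerificationError, while the vulnerable context connects and returns an empty certificate dict, which is exactly the condition an on-path attacker exploits.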
CVE-2025-40745 is a vulnerability in Siemens Software Center and related products: because certificate validation when connecting to the Analytics Service endpoint is inadequate, an attacker who can intercept the network traffic can perform a man-in-the-middle attack without needing any credentials.
You are affected if you run Siemens Software Center versions prior to V3.5.8.2, or a vulnerable version of Simcenter, Solid Edge, or Tecnomatix as detailed in the advisory.
Upgrade Siemens Software Center to V3.5.8.2 or later (V2602 is also listed as fixed) and apply the fixed versions of Simcenter, Solid Edge, and Tecnomatix from the advisory. Until then, use network segmentation and restrict access to the Analytics Service endpoint as interim measures.
There are currently no confirmed reports of active exploitation, but diligent monitoring and patching are recommended.
Refer to the official Siemens Security Advisory for detailed information and mitigation guidance: https://www.siemens.com/global/en/support/security/industrial/details.html?id=CVE-2025-40745