Siemens IAM Client

Plan Patch | CVSS 7.4 | ICS-CERT ICSA-25-345-04 | Dec 9, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Multiple Siemens products (COMOS, NX, Simcenter 3D, Simcenter Femap, Solid Edge) contain improper SSL/TLS certificate validation in their IAM Client component. This allows an attacker in a man-in-the-middle position to impersonate the identity management service and intercept authentication and encrypted data exchanges without being detected by the client application.

What this means
What could happen
An attacker could intercept communications between these Siemens applications and their identity management backend by impersonating the IAM service, potentially gaining unauthorized access to sensitive design and engineering data or modifying project information without detection.
Who's at risk
Engineering teams and design departments using Siemens CAD/CAM/CAE products (NX, Solid Edge, Simcenter, COMOS) are affected. These products are commonly deployed in manufacturing planning, product design, and industrial process engineering. The vulnerability affects authentication to Siemens identity management services used by these tools.
How it could be exploited
The attacker must be positioned on the network path between the affected Siemens application and the IAM service (man-in-the-middle position). They present a forged SSL/TLS certificate that the vulnerable IAM Client accepts without proper validation. Once accepted, the attacker can intercept and modify authentication and data exchange traffic.
Prerequisites
  • Network position between the affected application and IAM service (man-in-the-middle capability, e.g., compromised network segment or ARP spoofing)
  • Knowledge that the target is running a vulnerable version of the affected Siemens application
  • Remotely exploitable
  • No authentication required for the MITM attack itself
  • High attack complexity reduces practical risk
  • Affects IT engineering tools that may access OT design data
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (7)
7 with fix
Product | Affected Versions | Fix Status
COMOS V10.6 | < 10.6.1 | 10.6.1
NX V2412 | < 2412.8700 | 2412.8700
NX V2506 | < 2506.6000 | 2506.6000
Simcenter 3D | < 2506.6000 | 2506.6000
Simcenter Femap | < 2506.0002 | 2506.0002
Solid Edge SE2025 | < V225.0 Update 10 | 225.0 Update 10
Solid Edge SE2026 | < V226.0 Update 1 | 226.0 Update 1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

COMOS V10.6
HOTFIX: Update COMOS V10.6 to version 10.6.1 or later
NX V2412
HOTFIX: Update NX V2412 to version 2412.8700 or later
NX V2506
HOTFIX: Update NX V2506 to version 2506.6000 or later
Simcenter 3D
HOTFIX: Update Simcenter 3D to version 2506.6000 or later
Simcenter Femap
HOTFIX: Update Simcenter Femap to version 2506.0002 or later
Solid Edge SE2025
HOTFIX: Update Solid Edge SE2025 to V225.0 Update 10 or later
Solid Edge SE2026
HOTFIX: Update Solid Edge SE2026 to V226.0 Update 1 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate workstations running these applications from untrusted network segments and restrict network access to IAM services
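To turn the fix list above into a patch queue, the following added example (not code from Siemens or from this advisory) compares an asset inventory against the fixed versions listed here. The hostnames and installed versions are constructed, and the rule that each run of digits in a version string is one numeric component is an assumption.

```python
import re

# Fixed versions as listed in the advisory's remediation section.
FIXED = {
    "COMOS V10.6": "10.6.1",
    "NX V2412": "2412.8700",
    "NX V2506": "2506.6000",
    "Simcenter 3D": "2506.6000",
    "Simcenter Femap": "2506.0002",
    "Solid Edge SE2025": "V225.0 Update 10",
    "Solid Edge SE2026": "V226.0 Update 1",
}

def version_key(text):
    """Map '2412.8700' or 'V225.0 Update 10' to a tuple of ints."""
    # Assumption: every run of digits is one component ('2506.0002' -> (2506, 2)).
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)

def status(product, installed):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"  # product line is not in the advisory table
    try:
        have, want = version_key(installed), version_key(fixed)
    except ValueError:
        return "unknown"  # unparseable inventory entry: review by hand
    # Pad with zeros so '10.6' sorts below '10.6.1' and '10.6.1.0' equals it.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "fixed" if have >= want else "vulnerable"

def triage(inventory):
    """Return the (host, product, version) rows that are not confirmed fixed."""
    return [row for row in inventory if status(row[1], row[2]) != "fixed"]

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("eng-ws-01", "NX V2412", "2412.8500"),
    ("eng-ws-02", "NX V2506", "2506.6000"),
    ("eng-ws-03", "Solid Edge SE2025", "V225.0 Update 9"),
    ("eng-ws-04", "COMOS V10.6", "10.6"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Rows reported as "unknown" are kept in the output so that unlisted products and unreadable version strings get a manual check instead of being silently treated as patched.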