Siemens IAM Client

Plan Patch7.4ICS-CERT ICSA-25-345-04Dec 9, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Multiple Siemens products are affected by improper certificate validation in IAM Client (CWE-295). This vulnerability allows an unauthenticated remote attacker to perform man-in-the-middle (MITM) attacks by intercepting and manipulating communications. The affected products include COMOS, NX, Simcenter 3D, Simcenter Femap, and Solid Edge design and engineering software. Most products have vendor fixes available; COMOS V10.6 currently has no patch.

What this means

What could happen

An attacker positioned on the network between your workstation and Siemens servers could intercept communications from the IAM Client, potentially stealing credentials or injecting malicious commands into design or engineering workflows. This could compromise the integrity of engineering data or give an attacker access to engineering workstations.

Who's at risk

Organizations using Siemens design and engineering software should care about this vulnerability. Affected users include engineering teams and CAD/PLM workstations running COMOS V10.6, NX (V2412/V2506), Simcenter 3D, Simcenter Femap, and Solid Edge (SE2025/SE2026). While not directly an OT control system, compromise of engineering workstations can lead to tampering with manufacturing designs, process parameters, or firmware before deployment to production systems.

How it could be exploited

An attacker must position themselves on the network path between a user's workstation running one of the affected Siemens products and the IAM authentication servers. The attacker exploits improper certificate validation to intercept HTTPS traffic, bypass authentication, or modify communications in transit. This is a classic MITM attack against the IAM Client component.

Prerequisites

Network position between affected workstation and Siemens servers (e.g., shared network, compromised router, or DNS hijacking)
Target workstation must be running one of the affected Siemens products
No valid user credentials required to perform the MITM attack

Remotely exploitableNo authentication required for MITMHigh attack complexity (requires network positioning)Affects engineering and design workstations

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

COMOS V10.6< 10.6.110.6.1

NX V2412< 2412.87002412.8700

NX V2506< 2506.60002506.6000

Simcenter 3D< 2506.60002506.6000

Simcenter Femap< 2506.00022506.0002

Solid Edge SE2025<V225.0 Update 10225.0 Update 10

Solid Edge SE2026<V226.0 Update 1226.0 Update 1

Remediation & Mitigation

0/10

Do now

0/1

COMOS V10.6

WORKAROUNDFor COMOS V10.6: isolate affected workstations from untrusted networks until a patch is released; consider retiring or replacing this unsupported version

Schedule — requires maintenance window

0/6

Patching may require device reboot — plan for process interruption

NX V2412

HOTFIXUpdate NX V2412 to version 2412.8700 or later

NX V2506

HOTFIXUpdate NX V2506 to version 2506.6000 or later

Simcenter 3D

HOTFIXUpdate Simcenter 3D to version 2506.6000 or later

Simcenter Femap

HOTFIXUpdate Simcenter Femap to version 2506.0002 or later

Solid Edge SE2025

HOTFIXUpdate Solid Edge SE2025 to version 225.0 Update 10 or later

Solid Edge SE2026

HOTFIXUpdate Solid Edge SE2026 to version 226.0 Update 1 or later

Long-term hardening

0/3

HARDENINGImplement network segmentation to isolate engineering workstations from general business networks and the internet

HARDENINGConfigure firewalls to restrict outbound connections from engineering workstations to only necessary Siemens authentication and services servers

HARDENINGIf remote access to engineering workstations is required, use VPN connections with strong encryption and certificate pinning validation

CVEs (1)

CVE-2025-40800

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close