Improper Certificate Validation Vulnerability in Solid Edge
Plan Patch | 7.5 | SSA-522291 | Nov 11, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Solid Edge SE2025 contains an improper certificate validation vulnerability in its connection to the Siemens License Service endpoint. An unauthenticated remote attacker could perform man-in-the-middle attacks to intercept communications and read sensitive license or credential information. The vulnerability affects all versions prior to 225.0 Update 11.
What this means
What could happen
An attacker could intercept communications between Solid Edge and its License Service to read sensitive data like license information or credentials. However, this affects only design/engineering workstations, not production OT systems or PLCs.
Who's at risk
Engineering teams using Solid Edge SE2025 for CAD/design work on industrial equipment including control systems. This affects design workstations and engineering networks, not operational equipment like PLCs, RTUs, or field devices.
How it could be exploited
An attacker positioned on the network between a Solid Edge workstation and the Siemens License Service (man-in-the-middle) could intercept unencrypted or improperly validated HTTPS traffic. The attacker would need network access to the path between the workstation and the license server, typically on the engineering LAN.
Prerequisites
- Network access to traffic between Solid Edge workstation and Siemens License Service endpoint
- Solid Edge SE2025 version earlier than 225.0 Update 11
- License validation must be performed (typical during startup or periodic checks)
remotely exploitable | no authentication required | low complexity | affects engineering/design systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Solid Edge SE2025 | All versions < V225.0 Update 11 | 225.0 Update 11
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Solid Edge SE2025 to version 225.0 Update 11 or later
CVEs (1)