Missing Server Certificate Validation in Siemens Advanced Licensing (SALT) Toolkit
Plan Patch8.1SSA-710408Dec 9, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
Multiple Siemens products contain improper certificate validation in the Siemens Advanced Licensing (SALT) Toolkit. The vulnerability is caused by missing server certificate validation (CWE-295), which could allow an unauthenticated remote attacker on the network to perform man-in-the-middle attacks against license server communications. An attacker positioned between a client and the SALT licensing server could present a forged certificate and intercept, modify, or deny license tokens, disrupting access to engineering and simulation software. Affected products include COMOS, JT Bi-Directional Translator, NX, Simcenter 3D, Simcenter Femap, Simcenter Studio, Simcenter System Architect, and Tecnomatix Plant Simulation.
What this means
What could happen
An attacker on the network could intercept license server communications for Siemens engineering and simulation tools, potentially altering license tokens or denying license service. This could prevent engineers from accessing design and simulation software, disrupting product development and engineering workflows.
Who's at risk
Organizations using Siemens engineering, design, and simulation software for product development should care about this vulnerability. Affected products include COMOS (used for planning and engineering of chemical and pharmaceutical plants), NX (mechanical design software), Simcenter suite (simulation and analysis tools), and Tecnomatix Plant Simulation (manufacturing simulation). Any organization using these tools for critical product development or manufacturing planning is at risk of license service disruption.
How it could be exploited
An attacker positioned on the network between an affected product and the Siemens SALT licensing server could perform a man-in-the-middle attack by presenting a forged server certificate. Since the product does not validate the certificate properly, it would accept the attacker's certificate and send license requests through the compromised connection, allowing the attacker to intercept, modify, or deny license tokens.
Prerequisites
- Network access to the data path between the affected product and the SALT licensing server
- Ability to intercept network traffic (e.g., ARP spoofing, DNS spoofing, or network position between client and server)
- No authentication credentials required
Remotely exploitableNo authentication requiredMan-in-the-middle attack vectorAffects engineering software licensingJT Bi-Directional Translator has no patch available
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (9)
8 with fix1 EOL
ProductAffected VersionsFix Status
COMOS V10.6< 10.6.110.6.1
NX V2412< 2412.89002412.8900
NX V2506< 2506.60002506.6000
Simcenter 3D< 2506.60002506.6000
JT Bi-Directional Translator for STEPAll versionsNo fix (EOL)
Simcenter Femap< 2506.00022506.0002
Simcenter Studio< 2506.00012506.0001
Simcenter System Architect< 2506.00012506.0001
Remediation & Mitigation
0/10
Schedule — requires maintenance window
0/8Patching may require device reboot — plan for process interruption
Simcenter 3D
HOTFIXUpdate Simcenter 3D to version 2506.6000 or later
Simcenter Femap
HOTFIXUpdate Simcenter Femap to version 2506.0002 or later
Simcenter Studio
HOTFIXUpdate Simcenter Studio to version 2506.0001 or later
Simcenter System Architect
HOTFIXUpdate Simcenter System Architect to version 2506.0001 or later
Tecnomatix Plant Simulation
HOTFIXUpdate Tecnomatix Plant Simulation to version 2504.0007 or later
All products
HOTFIXUpdate COMOS to version 10.6.1 or later
HOTFIXUpdate NX to version 2412.8900 or later (for V2412 installations)
HOTFIXUpdate NX to version 2506.6000 or later (for V2506 installations)
Mitigations - no patch available
0/2JT Bi-Directional Translator for STEP has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGFor JT Bi-Directional Translator (no fix available), implement network segmentation to isolate affected systems and restrict outbound SALT licensing traffic to trusted servers only
HARDENINGDeploy network monitoring to detect suspicious license server traffic or certificate validation failures
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/8a861c2c-fafc-4fe3-b1bd-43cbfcc219e7