Missing Server Certificate Validation in IAM Client
Status: Patch · Score: 7.4 · Siemens advisory: SSA-868571 · Dec 9, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
Multiple Siemens products are affected by improper certificate validation in the IAM Client component. The IAM Client does not properly validate server certificates during authentication, allowing an attacker to intercept communications and perform man-in-the-middle attacks to capture credentials or forge authentication tokens. Affected products include COMOS V10.6, NX V2412 and V2506, Simcenter 3D, Simcenter Femap, and Solid Edge SE2025 and SE2026. Siemens has released patched versions for all affected products.
What this means
What could happen
An attacker positioned on the network between your workstation and the authentication server could intercept and modify login credentials or session tokens, gaining unauthorized access to design and engineering applications without needing valid credentials.
Who's at risk
Engineering and design teams using Siemens COMOS, NX, Simcenter 3D, Simcenter Femap, or Solid Edge for process design, simulation, and documentation. This affects anyone who uses these tools on corporate networks to reach authentication services, and is particularly relevant for companies performing engineering work on manufacturing or process control systems.
How it could be exploited
An attacker on the same network (or able to intercept network traffic, such as via ARP spoofing or DNS hijacking) presents a fake authentication server. The IAM Client does not validate the server's SSL/TLS certificate, so it connects and sends credentials or tokens to the attacker instead of the real server. The attacker captures these credentials or creates a valid session token to access the application.
Prerequisites
- Network position allowing interception of traffic between the workstation and IAM server (same network, compromised router, or DNS control)
- Target must connect to the IAM service using one of the affected products
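As an added illustration (not Siemens code; the IAM Client's real implementation is not shown on this page), the Python below places a client configuration that reproduces the described defect beside its hardened form, and adds an audit function a defender can run against any SSLContext their own tooling builds. The host and port passed to `fetch_server_cert` are whatever the reader's own test target is.

```python
"""Client-side TLS validation check for the weakness described above.
Added example, not Siemens code: the IAM Client's real implementation is
not shown on this page. Standard library only (Python 3.8+)."""
import socket
import ssl


def vulnerable_context():
    """Reproduces the advisory's defect: the client accepts any certificate,
    so a forged authentication server is indistinguishable from the real one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is never checked
    return ctx


def hardened_context(ca_bundle=None):
    """Fixed form: the chain must end at a trusted CA (system store, or an
    explicit bundle for a private PKI) and the name must match the host."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Lists validation weaknesses in a client context; an empty list means
    the context would reject a forged or mismatched server certificate."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a certificate for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS older than 1.2")
    return findings


def fetch_server_cert(host, port, ctx, timeout=5.0):
    """Opens a TLS session and returns the peer certificate. With
    hardened_context() an untrusted or mismatched certificate raises
    ssl.SSLCertVerificationError before any credential is sent."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
```

Running `fetch_server_cert` against a staging endpoint that presents a self-signed certificate is a quick regression check: the hardened context must fail closed with `SSLCertVerificationError`, while the vulnerable one silently connects.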
- Remotely exploitable
- No authentication required
- Low complexity attack (man-in-the-middle)
- Affects engineering workstations with access to control system design data
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (7)
7 with fix
Product            | Affected Versions               | Fix Status
COMOS V10.6        | < 10.6.1                        | 10.6.1
NX V2412           | < 2412.8700                     | 2412.8700
NX V2506           | < 2506.6000                     | 2506.6000
Simcenter 3D       | < 2506.6000                     | 2506.6000
Simcenter Femap    | < 2506.0002                     | 2506.0002
Solid Edge SE2025  | All versions < V225.0 Update 10 | 225.0 Update 10
Solid Edge SE2026  | All versions < V226.0 Update 1  | 226.0 Update 1
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
NX V2412
  HOTFIX: Update NX V2412 to version 2412.8700 or later
NX V2506
  HOTFIX: Update NX V2506 to version 2506.6000 or later
Simcenter 3D
  HOTFIX: Update Simcenter 3D to version 2506.6000 or later
Simcenter Femap
  HOTFIX: Update Simcenter Femap to version 2506.0002 or later
Solid Edge SE2025
  HOTFIX: Update Solid Edge SE2025 to version 225.0 Update 10 or later
Solid Edge SE2026
  HOTFIX: Update Solid Edge SE2026 to version 226.0 Update 1 or later
All products
  HOTFIX: Update COMOS to version 10.6.1 or later
Long-term hardening
  HARDENING: Implement network segmentation to isolate engineering workstations from untrusted networks
  HARDENING: Use VPN or encrypted tunnels for remote engineering workstation access
CVEs (1)
API:
/api/v1/advisories/9926fd57-e554-46c6-bef9-8bf6fc3e0545