Improper Certificate Validation Vulnerability in Siemens Analytics Toolkit

Low Risk | CVSS 3.7 | SSA-981622 | Apr 14, 2026
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Multiple Siemens applications have improper certificate validation in the Siemens Analytics Toolkit. Affected products include Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026, and Tecnomatix Plant Simulation. An unauthenticated remote attacker on the network could perform man-in-the-middle attacks to intercept communications between these tools and Siemens servers. Siemens has released patches for all affected products.

What this means
What could happen
An attacker on the network could intercept communications between Siemens design and simulation tools and their servers, potentially eavesdropping on sensitive design data or credentials used by engineering teams.
Who's at risk
This affects engineering and simulation workstations running Siemens design tools (Solid Edge, Simcenter, Tecnomatix). Any organization using these CAD/simulation/manufacturing planning tools for process design, product development, or plant layout should apply the patches.
How it could be exploited
An attacker positioned on the network between a user's workstation and Siemens servers could perform a man-in-the-middle attack by presenting a forged SSL certificate. The affected tools do not properly validate the certificate, allowing the attacker to intercept and read encrypted traffic without detection.
Prerequisites
  • Network access to communications between affected Siemens tools and Siemens servers (no authentication required)
  • Ability to intercept or redirect network traffic (e.g., ARP spoofing, DNS hijacking, compromised network segment)
Remotely exploitable | No authentication required | Affects design/engineering confidentiality
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (7)
7 with fix
Product                     | Affected Versions                 | Fix Status
Software Center             | < 3.5.8.2                         | 3.5.8.2
Simcenter 3D                | < 2506.6000                       | 2506.6000
Simcenter Femap             | < 2506.0002                       | 2506.0002
Simcenter STAR-CCM+         | < 2602                            | 2602
Solid Edge SE2025           | All versions < V225.0 Update 13   | 225.0 Update 13
Solid Edge SE2026           | All versions < V226.0 Update 04   | 226.0 Update 04
Tecnomatix Plant Simulation | < 2504.0008                       | 2504.0008
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Solid Edge SE2025
HOTFIX: Update Solid Edge SE2025 to Version 225.0 Update 13 or later
Solid Edge SE2026
HOTFIX: Update Solid Edge SE2026 to Version 226.0 Update 04 or later
Tecnomatix Plant Simulation
HOTFIX: Update Tecnomatix Plant Simulation to version 2504.0008 or later
Simcenter STAR-CCM+
HOTFIX: Update Simcenter STAR-CCM+ to version 2602 or later
Simcenter Femap
HOTFIX: Update Simcenter Femap to version 2506.0002 or later
Simcenter 3D
HOTFIX: Update Simcenter 3D to version 2506.6000 or later
Software Center
HOTFIX: Update Software Center to version 3.5.8.2 or later
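
To check a workstation inventory against the fixed versions listed in this advisory, the following is an added example (not code from Siemens or from the original page). It assumes version strings order by their numeric fields, left to right; the hostnames and installed versions in the sample inventory are constructed.

```python
import re

# Fixed versions copied from the advisory's affected-products table.
FIXED = {
    "Software Center": "3.5.8.2",
    "Simcenter 3D": "2506.6000",
    "Simcenter Femap": "2506.0002",
    "Simcenter STAR-CCM+": "2602",
    "Solid Edge SE2025": "225.0 Update 13",
    "Solid Edge SE2026": "226.0 Update 04",
    "Tecnomatix Plant Simulation": "2504.0008",
}

def version_key(text):
    # Assumption: versions order by their numeric fields, left to right.
    fields = tuple(int(n) for n in re.findall(r"\d+", text))
    if not fields:
        raise ValueError(f"no version number in {text!r}")
    return fields

def is_patched(product, installed):
    fixed, have = version_key(FIXED[product]), version_key(installed)
    width = max(len(fixed), len(have))  # pad so "3.5.8" compares as 3.5.8.0
    return have + (0,) * (width - len(have)) >= fixed + (0,) * (width - len(fixed))

def triage(inventory):
    findings = []
    for host, product, installed in inventory:
        if product not in FIXED:
            continue  # not covered by this advisory
        try:
            status = "ok" if is_patched(product, installed) else "update"
        except ValueError:
            status = "review"  # unparsable version string, check by hand
        if status != "ok":
            findings.append((host, product, installed, FIXED[product], status))
    return findings

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("eng-ws-01", "Solid Edge SE2025", "V225.0 Update 12"),
    ("eng-ws-02", "Solid Edge SE2026", "226.0 Update 04"),
    ("sim-ws-01", "Simcenter Femap", "2506.0001"),
    ("plant-ws-01", "Tecnomatix Plant Simulation", "unknown"),
    ("eng-ws-03", "Software Center", "3.5.8"),
]

if __name__ == "__main__":
    print(*triage(INVENTORY), sep="\n")
```

Entries reported as "review" have a version string with no numeric fields and need a manual check against the table.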