PT-2025-49833 · Unknown+2 · Simcenter Studio+7
Published: 2025-12-09 · Updated: 2025-12-09
CVE-2025-40801
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
COMOS versions prior to V10.6.8900 with Cloud Entitlement (bundled as NX X)
COMOS versions prior to V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)
JT Bi-Directional Translator for STEP (affected versions not specified)
NX versions prior to V2412.8900 with Cloud Entitlement (bundled as NX X)
NX versions prior to V2506.6000 with Cloud Entitlement (bundled as NX X)
Simcenter 3D versions prior to V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)
Simcenter Femap versions prior to V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)
Simcenter Studio (affected versions not specified)
Simcenter System Architect (affected versions not specified)
Tecnomatix Plant Simulation versions prior to V2504.0007
Description
The SALT SDK lacks server certificate validation when creating TLS connections to the authorization server. This condition could enable an attacker to conduct a man-in-the-middle attack.
Recommendations
COMOS versions prior to V10.6.8900 with Cloud Entitlement (bundled as NX X): Update to version V10.6.8900 or later with Cloud Entitlement.
COMOS versions prior to V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical): Update to version V2506.6000 or later with Cloud Entitlement.
JT Bi-Directional Translator for STEP: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NX versions prior to V2412.8900 with Cloud Entitlement (bundled as NX X): Update to version V2412.8900 or later with Cloud Entitlement.
NX versions prior to V2506.6000 with Cloud Entitlement (bundled as NX X): Update to version V2506.6000 or later with Cloud Entitlement.
Simcenter 3D versions prior to V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical): Update to version V2506.6000 or later with Cloud Entitlement.
Simcenter Femap versions prior to V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical): Update to version V2506.0002 or later with Cloud Entitlement.
Simcenter Studio: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Simcenter System Architect: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Tecnomatix Plant Simulation versions prior to V2504.0007: Update to version V2504.0007 or later.
Weakness Enumeration
Improper Certificate Validation
Affected Products
COMOS
JT Bi-Directional Translator for STEP
NX
Simcenter 3D
Simcenter Femap
Simcenter Studio
Simcenter System Architect
Tecnomatix Plant Simulation