CVE-2025-40745

Name of the Vulnerable Software and Affected Versions Siemens Software Center versions prior to V3.5.8.2 Simcenter 3D versions prior to V2506.6000 Simcenter Femap versions prior to V2506.0002 Simcenter STAR-CCM+ versions prior to V2602 Solid Edge SE2025 versions prior to V225.0 Update 13 Solid Edge SE2026 versions prior to V226.0 Update 04 Tecnomatix Plant Simulation versions prior to V2504.0008

Description Applications do not properly validate client certificates when connecting to the 'Analytics Service' endpoint. This flaw allows an unauthenticated remote attacker to perform man-in-the-middle attacks, which occurs when an attacker intercepts and potentially alters communication between two parties.

Recommendations Update Siemens Software Center to version V3.5.8.2 or later. Update Simcenter 3D to version V2506.6000 or later. Update Simcenter Femap to version V2506.0002 or later. Update Simcenter STAR-CCM+ to version V2602 or later. Update Solid Edge SE2025 to version V225.0 Update 13 or later. Update Solid Edge SE2026 to version V226.0 Update 04 or later. Update Tecnomatix Plant Simulation to version V2504.0008 or later.