8.1
/ 10
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions), Simcenter System Architect (All versions), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.
Basic Information
ID
CVE-2025-40801
Source
siemens
Published
Dec 9, 2025 at 10:44
Affected Product
Vendor
Siemens
Product
COMOS V10.6
Affected Versions
Siemens COMOS V10.6 0
Siemens COMOS V10.6 0
Siemens JT Bi-Directional Translator for STEP 0
Siemens NX V2412 0
Siemens NX V2506 0
Siemens Simcenter 3D 0
Siemens Simcenter Femap 0
Siemens Simcenter Studio 0
Siemens Simcenter System Architect 0
Siemens Tecnomatix Plant Simulation 0
Siemens COMOS V10.6 0
Siemens JT Bi-Directional Translator for STEP 0
Siemens NX V2412 0
Siemens NX V2506 0
Siemens Simcenter 3D 0
Siemens Simcenter Femap 0
Siemens Simcenter Studio 0
Siemens Simcenter System Architect 0
Siemens Tecnomatix Plant Simulation 0