VDB

CVE-2025-40745

CVE-2025-40745 PUBLISHED CVSS 3.700000047683716 LOW

Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Analytics Toolkit are affected: Siemens Software Center vers:intdot/Simcenter 3D vers:intdot/Simcenter Femap vers:intdot/Simcenter STAR-CCM+ vers:intdot/Solid Edge SE2025 Solid Edge SE2026 Tecnomatix Plant Simulation vers:intdot/ CVSS Vendor Equipment Vulnerabilities v3 3.7 Siemens Siemens Analytics Toolkit Improper Certificate Validation Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany

EPSS 0.02% · 7.3th percentile

Risk Scores

CVSS 3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.02%
7.3th percentile

Timeline

  • Apr 14, 2026 CVE Published
  • Apr 14, 2026 PoC Published
  • Apr 14, 2026 Security Advisory
  • Apr 14, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›