CVE-2025-40745
Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Analytics Toolkit are affected: Siemens Software Center vers:intdot/Simcenter 3D vers:intdot/Simcenter Femap vers:intdot/Simcenter STAR-CCM+ vers:intdot/Solid Edge SE2025 Solid Edge SE2026 Tecnomatix Plant Simulation vers:intdot/ CVSS Vendor Equipment Vulnerabilities v3 3.7 Siemens Siemens Analytics Toolkit Improper Certificate Validation Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany
EPSS 0.02% · 7.3th percentile
Risk Scores
Exploit Intelligence
- CIRCL seen: CVE-2025-40745 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-981622.html (circl)
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 Security Advisory
- Apr 14, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-04 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-04.json advisory
- https://www.cve.org/CVERecord?id=CVE-2025-40745 technical
- https://support.sw.siemens.com/product/246738425/ vendor
- https://support.sw.siemens.com/product/297028302/ vendor
- https://support.sw.siemens.com/product/275652363/ vendor
- https://support.sw.siemens.com/product/289054037/ vendor
- https://support.sw.siemens.com/product/226870983/ vendor
- https://www.sw.siemens.com/en-US/siemens-software-center/ vendor
- https://cwe.mitre.org/data/definitions/295.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N technical