Vulnerability DatabaseCVE-2025-40800

CVE-2025-40800:
Siemens Simcenter Femap vulnerability analysis and mitigation

A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

Source: NVD

Related Siemens Simcenter Femap vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-40801	CRITICAL	9.2	Siemens Tecnomatix Plant Simulation	cpe:2.3:a:siemens:simcenter_femap	No	Yes	Dec 09, 2025
CVE-2025-40800	CRITICAL	9.1	Siemens Simcenter Femap	cpe:2.3:a:siemens:simcenter_femap	No	Yes	Dec 09, 2025
CVE-2025-40829	HIGH	7.3	Siemens Simcenter Femap	cpe:2.3:a:siemens:simcenter_femap	No	Yes	Dec 12, 2025
CVE-2025-40764	HIGH	7.3	Siemens Simcenter Femap	cpe:2.3:a:siemens:simcenter_femap	No	Yes	Aug 12, 2025
CVE-2025-40762	HIGH	7.3	Siemens Simcenter Femap	cpe:2.3:a:siemens:simcenter_femap	No	Yes	Aug 12, 2025