
Siemens Analytics Toolkit

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-04.json

Summary

Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens Analytics Toolkit are affected:

- Siemens Software Center vers:intdot/<3.5.8.2 (CVE-2025-40745)
- Simcenter 3D vers:intdot/<2506.6000 (CVE-2025-40745)
- Simcenter Femap vers:intdot/<2506.0002 (CVE-2025-40745)
- Simcenter STAR-CCM+ vers:intdot/<2602 (CVE-2025-40745)
- Solid Edge SE2025
- Solid Edge SE2026
- Tecnomatix Plant Simulation vers:intdot/<2504.0008 (CVE-2025-40745)

CVSS   | Vendor  | Equipment                 | Vulnerabilities
v3 3.7 | Siemens | Siemens Analytics Toolkit | Improper Certificate Validation

Background

- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-40745

Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-40745

Affected Products

Siemens Analytics Toolkit

Vendor: Siemens
Product Version: Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026, Tecnomatix Plant Simulation
Product Status: known_affected

Remediations

Vendor fix: Update to V225.0 Update 13 or later version
https://support.sw.siemens.com/product/246738425/

Vendor fix: Update to V226.0 Update 04 or later version
https://support.sw.siemens.com/product/246738425/
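To triage an installed-software inventory against the affected ranges listed above, the following added example (not code from CISA or Siemens) evaluates the advisory's `vers:intdot/<X` ranges. The function names, status labels and sample inventory are hypothetical, only the single `<` constraint form used in this advisory is supported, and treating missing trailing version components as 0 is an assumption.

```python
import re

# Affected ranges as listed in the advisory; None = listed without a range.
ADVISORY_RANGES = {
    "Siemens Software Center": "vers:intdot/<3.5.8.2",
    "Simcenter 3D": "vers:intdot/<2506.6000",
    "Simcenter Femap": "vers:intdot/<2506.0002",
    "Simcenter STAR-CCM+": "vers:intdot/<2602",
    "Solid Edge SE2025": None, "Solid Edge SE2026": None,
    "Tecnomatix Plant Simulation": "vers:intdot/<2504.0008",
}

def parse_intdot(text):
    """'2506.0002' -> (2506, 2); rejects anything but dot-separated integers."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"not an intdot version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def in_range(version, spec):
    """Evaluate the single-constraint form the advisory uses: vers:intdot/<X."""
    scheme, _, constraint = spec.partition("/")
    if scheme != "vers:intdot" or not constraint.startswith("<") or "|" in constraint:
        raise ValueError(f"unsupported range: {spec!r}")
    v, bound = parse_intdot(version), parse_intdot(constraint[1:])
    n = max(len(v), len(bound))  # assumption: missing trailing parts count as 0
    v, bound = v + (0,) * (n - len(v)), bound + (0,) * (n - len(bound))
    return v < bound

def status(product, version):
    """Classify one installed product/version pair against the advisory list."""
    if product not in ADVISORY_RANGES:
        return "not-listed"
    spec = ADVISORY_RANGES[product]
    if spec is None:
        return "listed-no-range"  # no range on the page: check the vendor fix
    try:
        return "affected" if in_range(version, spec) else "not-in-range"
    except ValueError:
        return "unparseable"  # review by hand; never treat as safe

# Constructed inventory rows (product, installed version); values are made up.
SAMPLE = [
    ("Simcenter Femap", "2506.0001"),
    ("Simcenter STAR-CCM+", "2602.0"),
    ("Siemens Software Center", "3.5.8"),
    ("Solid Edge SE2026", "226.0"),
    ("Tecnomatix Plant Simulation", "2504.0008-beta"),
]
for row in SAMPLE:
    print(*row, "->", status(*row))
```

Rows that come back as `listed-no-range` or `unparseable` need a manual check against the vendor remediation rather than being counted as unaffected.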


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-04
