CVE-2025-40800 is a vulnerability identified in Siemens COMOS V10.6 and several related products including NX, Simcenter 3D, Simcenter Femap, and Solid Edge versions prior to specified updates. The root cause is improper certificate validation (CWE-295) within the IAM client component responsible for establishing TLS connections to the authorization server. Specifically, the IAM client fails to properly validate the server's TLS certificate, which undermines the trust model of the TLS protocol. This flaw allows an attacker positioned on the network path between the client and the authorization server to perform a man-in-the-middle (MitM) attack. Through such an attack, the adversary can intercept, read, or modify sensitive data exchanged during the authentication and authorization process. The vulnerability affects all versions of COMOS V10.6 and multiple versions of Siemens NX, Simcenter, and Solid Edge products prior to certain patch levels. Exploitation requires network access but no privileges or user interaction, making it relatively straightforward in a hostile network environment. The CVSS v3.1 base score of 7.4 reflects a high severity rating, with the vector indicating network attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, and high impact on confidentiality and integrity but no impact on availability. No public exploits are known at this time, but the vulnerability poses a significant risk to industrial and engineering environments relying on these Siemens products for critical design and operational workflows.

The vulnerability compromises the confidentiality and integrity of communications between Siemens software clients and their authorization servers. For European organizations, especially those in manufacturing, industrial automation, and engineering sectors that heavily use Siemens COMOS, NX, Simcenter, and Solid Edge products, this could lead to unauthorized interception and manipulation of sensitive design data, intellectual property, and operational commands. Such breaches could result in industrial espionage, sabotage, or disruption of critical infrastructure projects. The lack of certificate validation undermines trust in secure communications, potentially allowing attackers to inject malicious commands or exfiltrate sensitive information without detection. Given the strategic importance of manufacturing and industrial sectors in countries like Germany, France, and Italy, the impact could extend to national economic security and critical infrastructure resilience. Additionally, compromised engineering data could delay projects, increase costs, and damage reputations.

1. Siemens should urgently release patches or updates that enforce proper certificate validation in the IAM client across all affected products. 2. Until patches are available, organizations should implement network-level protections such as TLS interception detection, strict firewall rules limiting access to authorization servers, and network segmentation to reduce exposure. 3. Employ certificate pinning or manual certificate validation workarounds if supported by the software or through custom configurations. 4. Monitor network traffic for anomalies indicative of MitM attacks, including unexpected certificate changes or TLS handshake irregularities. 5. Educate IT and security teams about the vulnerability to ensure rapid detection and response. 6. Review and harden the supply chain and update management processes to ensure timely application of Siemens updates. 7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect MitM attack patterns targeting TLS sessions. 8. Engage with Siemens support for guidance and to confirm patch availability and deployment strategies.