CVE-2025-40800 is a vulnerability classified under CWE-295 (Improper Certificate Validation) found in several Siemens products including COMOS V10.6 (all versions prior to 10.6.1), NX V2412 and V2506, Simcenter 3D, Simcenter Femap, and Solid Edge SE2025 and SE2026 before their respective update versions. The root cause is the IAM client’s failure to properly validate the server’s TLS certificate when establishing secure connections to the authorization server. This improper validation allows an attacker positioned on the network path to perform a man-in-the-middle (MitM) attack, intercepting or manipulating sensitive authorization communications. The vulnerability affects the confidentiality and integrity of data exchanged during authentication and authorization processes. The CVSS v3.1 base score is 7.4, reflecting a high severity with network attack vector, high attack complexity, no privileges or user interaction required, and impact on confidentiality and integrity but not availability. Although no exploits have been reported in the wild, the vulnerability poses a significant risk to organizations relying on these Siemens products for industrial design, engineering, and manufacturing workflows. The lack of server certificate validation is a critical security oversight in the IAM client implementation that must be addressed promptly.

The vulnerability could allow attackers to intercept and manipulate authentication and authorization data between Siemens clients and their servers, potentially leading to unauthorized access, data leakage, or session hijacking. This compromises the confidentiality and integrity of sensitive industrial and engineering data, which could disrupt design processes, intellectual property protection, and operational security. Organizations using affected Siemens software in critical infrastructure, manufacturing, or industrial control environments face increased risk of espionage, sabotage, or intellectual property theft. The absence of availability impact reduces the likelihood of direct denial-of-service, but the integrity and confidentiality breaches alone can cause significant operational and reputational damage. Given the widespread use of Siemens products in industrial sectors globally, the threat has broad implications for supply chain security and industrial cybersecurity.

1. Apply Siemens-provided patches and updates as soon as they become available for all affected products to ensure proper certificate validation is enforced. 2. Until patches are deployed, restrict network access to authorization servers by implementing network segmentation and firewall rules to limit exposure to untrusted networks. 3. Employ TLS inspection and monitoring tools to detect anomalous TLS handshakes or certificate anomalies indicative of MitM attempts. 4. Use endpoint security solutions capable of detecting suspicious network activity related to the IAM client. 5. Educate IT and security teams about this vulnerability to prioritize monitoring and incident response readiness. 6. Consider deploying additional authentication mechanisms such as multi-factor authentication (MFA) to reduce risk from compromised authorization sessions. 7. Review and harden network infrastructure to prevent unauthorized interception, including use of VPNs or dedicated secure channels for sensitive communications. 8. Maintain an inventory of affected Siemens software versions to ensure comprehensive remediation coverage.