CVE-2025-40800 is a vulnerability classified under CWE-295 (Improper Certificate Validation) affecting Siemens COMOS V10.6 and several other Siemens engineering software products including NX, Simcenter 3D, Simcenter Femap, and Solid Edge versions prior to specific updates. The root cause is the IAM client’s failure to properly validate the server’s TLS certificate when establishing secure connections to the authorization server. This improper validation allows an attacker positioned as a man-in-the-middle to intercept, modify, or spoof communications between the client and server. Since the IAM client handles authorization, this can lead to unauthorized access, credential theft, or session hijacking. The vulnerability affects all versions of COMOS V10.6 and earlier versions of the other listed products before their respective patch levels. The CVSS v3.1 base score is 7.4 (High), with attack vector network (AV:N), attack complexity high (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality and integrity (C:H/I:H/A:N). Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the critical nature of the affected software in industrial and engineering environments. The lack of proper certificate validation undermines the trust model of TLS, making secure communications vulnerable to interception and manipulation.

The vulnerability could have severe consequences for European organizations using Siemens engineering and industrial software. Successful exploitation enables attackers to perform man-in-the-middle attacks, potentially intercepting sensitive intellectual property, design data, and authentication credentials. This compromises confidentiality and integrity of critical engineering workflows, which could lead to industrial espionage, sabotage, or unauthorized system access. Given the widespread use of Siemens products in manufacturing, automotive, aerospace, and energy sectors across Europe, the impact could disrupt production processes and damage competitive advantage. The lack of impact on availability reduces the likelihood of direct denial-of-service but does not diminish the risk of stealthy data breaches. Organizations relying on these products for design, simulation, and operational planning must consider the risk of compromised authorization mechanisms and the potential for lateral movement within their networks.

1. Apply Siemens vendor patches and updates immediately once they become available for all affected products to ensure proper certificate validation is enforced. 2. Until patches are deployed, implement network segmentation to isolate affected systems from untrusted networks and limit exposure to potential attackers. 3. Use network security monitoring tools to detect anomalous TLS handshake behavior or suspicious man-in-the-middle activity targeting IAM client communications. 4. Enforce strict certificate pinning or manual validation where possible to supplement the vulnerable client’s validation process. 5. Conduct regular security audits and penetration testing focused on TLS communications and authorization flows within Siemens product environments. 6. Educate IT and security teams about the vulnerability specifics to ensure rapid detection and response to suspicious activity. 7. Review and harden access controls around authorization servers to reduce the attack surface. 8. Maintain up-to-date inventories of affected Siemens software versions deployed across the organization to prioritize remediation efforts.