CVE-2025-40801: CWE-295: Improper Certificate Validation in Siemens COMOS V10.6
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions), Simcenter System Architect (All versions), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.
AI Analysis
Technical Summary
CVE-2025-40801 is a vulnerability classified under CWE-295 (Improper Certificate Validation) affecting Siemens COMOS V10.6 and several related products, including JT Bi-Directional Translator for STEP, NX versions prior to V2412.8900 and V2506.6000 with Cloud Entitlement, Simcenter 3D, Simcenter Femap, Simcenter Studio, Simcenter System Architect, and Tecnomatix Plant Simulation versions prior to V2504.0007. The root cause is that the SALT SDK, used by these products to establish TLS connections to Siemens' authorization servers, does not validate the server certificate. Because the client accepts any certificate, an attacker positioned on the network path can present their own certificate, terminate the TLS session, and intercept or alter communications between the client software and the authorization server (a man-in-the-middle attack). The vulnerability affects every listed product in the version ranges given above and requires neither user interaction nor authentication, which increases the risk of exploitation. The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality, integrity, and availability; the attack complexity is rated high because the attacker must first obtain a network position between client and server. No public exploits are currently known, but the vulnerability's presence in critical industrial and engineering software makes it a significant concern. Siemens has not yet published patches, so users must rely on compensating controls until updates are available.
Potential Impact
The vulnerability poses a substantial risk to European organizations using Siemens engineering and simulation software, particularly those in manufacturing, industrial automation, and critical infrastructure sectors. Successful exploitation could allow attackers to intercept sensitive data, manipulate authorization processes, or disrupt operations by injecting malicious commands or blocking legitimate communications. This could lead to intellectual property theft, operational downtime, safety incidents, and loss of trust in industrial control systems. Given Siemens' strong market presence in Europe, especially in Germany, France, Italy, and the UK, the impact could be widespread. The ability to perform man-in-the-middle attacks without authentication or user interaction increases the threat level, especially in environments where network segmentation is weak or remote access is common. The lack of patches currently increases exposure time, emphasizing the need for immediate mitigation.
Mitigation Recommendations
1. Siemens should prioritize releasing security patches that enforce proper certificate validation in the SALT SDK and affected products.
2. Until patches are available, organizations should implement strict network segmentation to isolate affected systems from untrusted networks and limit exposure to potential attackers.
3. Deploy TLS inspection and monitoring tools to detect anomalous or unauthorized TLS connections that could indicate MitM attempts.
4. Use endpoint detection and response (EDR) solutions to monitor for suspicious activity related to the affected Siemens software.
5. Restrict access to authorization servers by IP whitelisting and VPNs to reduce the attack surface.
6. Educate IT and OT personnel about the vulnerability and the signs of MitM attacks.
7. Regularly audit and update network infrastructure to ensure no legacy or vulnerable protocols are in use.
8. Consider temporarily disabling or restricting use of affected features that rely on the SALT SDK, if feasible.
9. Maintain up-to-date backups and incident response plans tailored to industrial control environments.
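Recommendation 3 depends on the network monitor performing the certificate checks the SALT SDK client skips. The following is an added example, not code from the page or from Siemens: it scans a constructed Zeek-style TLS log for sessions to a pinned authorization host whose leaf certificate fingerprint is not on the allowlist or whose chain failed validation. The hostname, IPs and fingerprints are assumed placeholders.

```python
import csv
import io
from typing import Dict, Iterable, List, Set

# Constructed sample of a Zeek-style ssl log (tab-separated): timestamp, client IP,
# server IP, SNI server name, SHA-256 of the leaf certificate the server presented,
# and the monitor's own chain-validation result. All values are illustrative only.
SAMPLE_LOG = """\
1765300001.10\t10.20.5.21\t198.51.100.10\tauth.salt.example\t1111aaaa\tok
1765300002.30\t10.20.5.22\t198.51.100.10\tauth.salt.example\t1111aaaa\tok
1765300003.55\t10.20.5.23\t198.51.100.10\tauth.salt.example\t9999ffff\tself signed certificate
1765300004.80\t10.20.5.21\t192.0.2.44\tauth.salt.example\t2222bbbb\tok
1765300005.00\t10.20.5.30\t198.51.100.77\tupdates.vendor.example\t3333cccc\tok
"""

# Allowlist (assumed): authorization-server hostname -> acceptable leaf fingerprints.
# Pinning the fingerprint catches an interposed certificate even when its chain
# happens to validate against a CA the monitor trusts.
EXPECTED_FINGERPRINTS: Dict[str, Set[str]] = {"auth.salt.example": {"1111aaaa"}}

FIELDS = ("ts", "client_ip", "server_ip", "server_name", "cert_sha256", "validation")


def parse_ssl_log(text: str) -> Iterable[Dict[str, str]]:
    """Yield one dict per log line; malformed lines are skipped rather than fatal."""
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) == len(FIELDS):
            yield dict(zip(FIELDS, row))


def find_mitm_candidates(log_text: str, expected: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Return sessions to a pinned host whose certificate is unexpected or did not validate.

    The client cannot be relied on to reject such certificates (CWE-295), so the
    network monitor applies the checks the client skipped.
    """
    findings = []
    for s in parse_ssl_log(log_text):
        pinned = expected.get(s["server_name"])
        if pinned is None:
            continue  # not a pinned host; out of scope for this check
        reasons = []
        if s["cert_sha256"] not in pinned:
            reasons.append("unexpected leaf certificate fingerprint")
        if s["validation"] != "ok":
            reasons.append(f"chain validation failed: {s['validation']}")
        if reasons:
            findings.append({**s, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in find_mitm_candidates(SAMPLE_LOG, EXPECTED_FINGERPRINTS):
        print(f"{f['client_ip']} -> {f['server_ip']} ({f['server_name']}): {f['reason']}")
```

On the sample above, the self-signed session and the session to an unexpected server IP are flagged, while traffic to a host that is not pinned is ignored.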
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: siemens
- Date Reserved: 2025-04-16T08:50:26.973Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6938009029016b16de45fea7
Added to database: 12/9/2025, 10:57:20 AM
Last enriched: 12/9/2025, 11:13:59 AM
Last updated: 12/10/2025, 4:18:47 AM