CVE-2025-40801: CWE-295: Improper Certificate Validation in Siemens COMOS V10.6
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions), Simcenter System Architect (All versions), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.
AI Analysis
Technical Summary
CVE-2025-40801 is a vulnerability classified under CWE-295 (Improper Certificate Validation) affecting Siemens COMOS V10.6 and several related products, including JT Bi-Directional Translator for STEP, NX versions prior to V2412.8900 and V2506.6000 with Cloud Entitlement, Simcenter 3D, Simcenter Femap, Simcenter Studio, Simcenter System Architect, and Tecnomatix Plant Simulation versions before V2504.0007. The root cause is the SALT SDK's failure to validate the server certificate during the TLS handshake with the authorization server. This deficiency allows an attacker positioned in the network path to perform a man-in-the-middle attack, intercepting or altering communications without detection. The vulnerability affects all versions of the listed products prior to the fixed releases. The CVSS v3.1 base score is 8.1, reflecting a network attack vector, high attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the vulnerability poses a significant risk because the affected industrial and engineering software often controls or manages sensitive operational data and processes. The missing certificate validation undermines the trust model of TLS, potentially allowing attackers to inject malicious commands, steal credentials, or disrupt operations.
Potential Impact
For European organizations, the impact of this vulnerability is substantial. The affected Siemens software products are widely used in industrial automation, manufacturing, energy production, and infrastructure management across Europe. A successful MitM attack could lead to unauthorized access to sensitive engineering data, manipulation of design or operational parameters, and disruption of critical industrial processes. This could result in intellectual property theft, operational downtime, safety hazards, and compliance violations under regulations such as the GDPR and the NIS Directive. The deep integration of Siemens products in European industrial environments means that exploitation could cascade into broader supply chain risks. Additionally, the lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation if the vulnerability is weaponized. The current absence of known exploits provides a window for mitigation, but also underscores the urgency of proactive defense measures.
Mitigation Recommendations
Immediate mitigation is to apply the patches and updates Siemens releases for the affected products. Until patches are available, organizations should implement network-level protections such as TLS interception with strict certificate validation policies to detect and block suspicious certificate anomalies. Network segmentation that isolates critical Siemens systems can limit exposure. Strict access controls and monitoring of network traffic for unusual patterns in TLS connections to authorization servers are recommended. Where possible, certificate pinning or the use of hardware security modules (HSMs) to validate server certificates can reduce risk. Regular security audits and penetration tests focusing on TLS and certificate validation mechanisms should be conducted. Organizations should also engage with Siemens support channels to receive timely updates and advisories. Finally, raising user awareness of phishing or social engineering attempts that could facilitate MitM positioning is important.
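The monitoring recommended above can be made concrete at the network edge: when the client itself (here, the SALT SDK) will not reject a forged certificate, a passive sensor can still flag sessions to the authorization server whose certificate a validating client would have refused. This is an added example, not code from the advisory or from Siemens; it assumes Zeek-style ssl.log records (the sample below is constructed, with reserved example names and addresses) and an assumed policy stating which CA should issue the authorization server's certificate.

```python
from collections import namedtuple

# Constructed Zeek-style ssl.log records (tab-separated subset of fields): sample
# values only, not captured traffic. Reserved example names and addresses throughout.
SAMPLE_SSL_LOG = """\
#fields\tts\tid.orig_h\tid.resp_h\tserver_name\tsubject\tissuer\tvalidation_status
1765280000.1\t10.20.1.15\t203.0.113.10\tauth.example.invalid\tCN=auth.example.invalid,O=Example\tCN=Corp Root CA\tok
1765280061.9\t10.20.1.22\t203.0.113.10\tauth.example.invalid\tCN=auth.example.invalid\tCN=mitm-test\tself signed certificate in certificate chain
1765280090.0\t10.20.1.22\t203.0.113.10\tauth.example.invalid\tCN=auth.example.invalid\tCN=Corp Root CA\tunable to get local issuer certificate
1765280120.3\t10.20.1.31\t198.51.100.7\tupdates.example.invalid\tCN=updates.example.invalid\tCN=Other CA\tok
1765280150.7\t10.20.1.40\t203.0.113.10\tauth.example.invalid\tCN=proxy.local,O=Example\tCN=Corp Root CA\tok
"""

# Assumed policy: the CA expected to issue the authorization server's certificate.
EXPECTED_ISSUER = {"auth.example.invalid": "CN=Corp Root CA"}

Finding = namedtuple("Finding", "ts client server_name reason")

def parse_zeek_tsv(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def common_name(dn):
    """Return the CN attribute of a comma-separated distinguished name."""
    return next((p[3:] for p in dn.split(",") if p.startswith("CN=")), "")

def find_suspicious_sessions(log_text, expected_issuer=EXPECTED_ISSUER):
    """Flag sessions to a monitored auth host whose chain failed validation, whose
    issuer is not the expected CA, or whose certificate names a different host."""
    findings = []
    for rec in parse_zeek_tsv(log_text):
        sni = rec.get("server_name", "")
        if sni not in expected_issuer:
            continue  # only the authorization server is in scope
        status = rec.get("validation_status", "")
        if status != "ok":
            reason = f"chain validation failed: {status}"
        elif rec.get("issuer") != expected_issuer[sni]:
            reason = f"unexpected issuer: {rec.get('issuer')}"
        elif common_name(rec.get("subject", "")) != sni:
            reason = f"subject does not match SNI: {rec.get('subject')}"
        else:
            continue
        findings.append(Finding(rec["ts"], rec["id.orig_h"], sni, reason))
    return findings
```

Each finding identifies the internal client that accepted a certificate it should have rejected, which is the host to isolate and check first.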
Affected Countries
Germany, France, Italy, United Kingdom, Spain, Netherlands, Belgium, Sweden, Poland, Czech Republic
Technical Details
- Data Version: 5.2
- Assigner Short Name: siemens
- Date Reserved: 2025-04-16T08:50:26.973Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6938009029016b16de45fea7
Added to database: 12/9/2025, 10:57:20 AM
Last enriched: 12/16/2025, 11:43:55 AM
Last updated: 2/7/2026, 1:27:05 PM