CVE-2025-40801
📋 TL;DR
This vulnerability in Siemens industrial software products allows man-in-the-middle attacks due to missing TLS certificate validation in the SALT SDK. Attackers could intercept and manipulate communications between affected software and authorization servers. All users of COMOS, NX, Simcenter, Tecnomatix, and related Siemens products with specified versions are affected.
💻 Affected Systems
- COMOS V10.6
- JT Bi-Directional Translator for STEP
- NX V2412
- NX V2506
- Simcenter 3D
- Simcenter Femap
- Simcenter Studio
- Simcenter System Architect
- Tecnomatix Plant Simulation
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could intercept authentication credentials, inject malicious code, or manipulate industrial control data, potentially leading to system compromise, data theft, or operational disruption in industrial environments.
Likely Case
Credential theft and session hijacking allowing unauthorized access to industrial software systems and potentially connected industrial networks.
If Mitigated
Limited impact with proper network segmentation, certificate pinning, and monitoring of TLS handshake failures.
🎯 Exploit Status
Requires man-in-the-middle position on network path between client and authorization server. No authentication bypass needed once MITM is established.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version:
- COMOS V10.6: Update to latest version
- NX V2412: V2412.8900+
- NX V2506: V2506.6000+
- Simcenter 3D: V2506.6000+
- Simcenter Femap: V2506.0002+
- Tecnomatix Plant Simulation: V2504.0007+
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-212953.html
Restart Required: Yes
Instructions:
1. Check current version using vendor-provided tools.
2. Download patches from Siemens support portal.
3. Apply patches following vendor documentation.
4. Restart affected services.
5. Verify TLS certificate validation is working.
🔧 Temporary Workarounds
Network Segmentation
Isolate affected systems from untrusted networks to prevent MITM attacks.
Certificate Pinning
Implement certificate pinning for authorization server connections if supported.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems
- Monitor network traffic for TLS handshake anomalies and certificate validation failures
🔍 How to Verify
Check if Vulnerable:
Check software version against affected versions list. Test TLS connections to authorization server with invalid certificates to see if they're rejected.
Check Version:
Use vendor-specific commands or check the About/Help menus in each application.
Verify Fix Applied:
After patching, test TLS connections with invalid certificates to confirm they are properly rejected. Verify version numbers match patched versions.
📡 Detection & Monitoring
Log Indicators:
- TLS handshake failures with invalid certificates
- Unexpected authorization server connections
- Failed certificate validation events
Network Indicators:
- Unencrypted or improperly encrypted traffic to authorization endpoints
- MITM attack patterns in network traffic
SIEM Query:
source="*tls*" AND (event="handshake_failure" OR cert_validation="failed") AND dest_ip="authorization_server_ip"
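As an added example that is not part of the advisory, the SIEM query above expressed as a small Python detector run over constructed log lines; it also flags the pattern this CVE describes, a client that reports a failed certificate validation yet still establishes the session. The key="value" log format, the src_ip field and the authorization server address are assumptions.

```python
import re
from collections import Counter

# Constructed placeholder for the authorization server's address (assumption).
AUTHZ_SERVER_IP = "10.0.0.5"

# Constructed sample log lines in an assumed key="value" format; the field names
# mirror the advisory's SIEM query (source, event, cert_validation, dest_ip).
SAMPLE_LOGS = [
    'source="tls_client" src_ip="10.0.1.20" dest_ip="10.0.0.5" event="handshake_failure" cert_validation="failed"',
    'source="tls_client" src_ip="10.0.1.21" dest_ip="10.0.0.5" event="session_established" cert_validation="ok"',
    'source="tls_client" src_ip="10.0.1.22" dest_ip="10.0.0.5" event="session_established" cert_validation="failed"',
    'source="http_proxy" src_ip="10.0.1.23" dest_ip="10.0.0.5" event="handshake_failure"',
    'source="tls_client" src_ip="10.0.1.20" dest_ip="10.0.0.9" event="handshake_failure" cert_validation="failed"',
]

_KV = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')

def parse_line(line):
    """Split one key=value log line into a dict (quoted or bare values)."""
    fields = {}
    for m in _KV.finditer(line):
        key, val = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
        fields[key] = val
    return fields

def is_indicator(fields, authz_ip=AUTHZ_SERVER_IP):
    """Python form of the advisory's SIEM query: TLS source, handshake failure
    or failed certificate validation, destination is the authorization server."""
    if "tls" not in fields.get("source", "").lower():
        return False
    if fields.get("dest_ip") != authz_ip:
        return False
    return fields.get("event") == "handshake_failure" or fields.get("cert_validation") == "failed"

def analyze(lines, authz_ip=AUTHZ_SERVER_IP):
    """Count indicator hits per client and collect clients that established a
    session despite a failed validation (the missing-validation behaviour the
    CVE describes); those should be escalated rather than treated as noise."""
    hits, silent_accepts = Counter(), []
    for line in lines:
        f = parse_line(line)
        if is_indicator(f, authz_ip):
            hits[f.get("src_ip", "?")] += 1
        if f.get("cert_validation") == "failed" and f.get("event") == "session_established":
            silent_accepts.append(f.get("src_ip", "?"))
    return hits, silent_accepts
```

Run `analyze(SAMPLE_LOGS)` to get the per-client indicator counts and the list of clients that accepted an invalid certificate; feed real exported log lines in the same format to check a production environment.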