CVE Alert

CVE-2025-40800

Severity: HIGH
CVSS Score: 7.4
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

CWE: CWE-295
Vendor: siemens
Product: comos v10.6
Industries: IndustrialManufacturing
Published: Dec 9, 2025
Last Updated: Mar 10, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
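Attack Vector: Network (AV:N)
Attack Complexity: High (AC:H)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: None (A:N)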

Affected Versions

Siemens / COMOS V10.6: 0 < V10.6.1
Siemens / COMOS V10.6: 0 < V10.6.1
Siemens / NX V2412: 0 < V2412.8700
Siemens / NX V2506: 0 < V2506.6000
Siemens / Simcenter 3D: 0 < V2506.6000
Siemens / Simcenter Femap: 0 < V2506.0002
Siemens / Solid Edge SE2025: 0 < V225.0 Update 10
Siemens / Solid Edge SE2026: 0 < V226.0 Update 1

References

cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-868571.html
cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-212953.html