๐Ÿ” CVE Alert

CVE-2025-40801

HIGH 8.1
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions < V2506.0001), Simcenter System Architect (All versions < V2506.0001), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

CWE CWE-295
Vendor siemens
Product comos v10.6
Ecosystems
Industries
IndustrialManufacturing
Published Dec 9, 2025
Last Updated Mar 10, 2026
Stay Ahead of the Next One

Get instant alerts for siemens comos v10.6

Be the first to know when new high vulnerabilities affecting siemens comos v10.6 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Siemens / COMOS V10.6
0 < V10.6.1
Siemens / COMOS V10.6
0 < V10.6.1
Siemens / JT Bi-Directional Translator for STEP
0 < *
Siemens / NX V2412
0 < V2412.8900
Siemens / NX V2506
0 < V2506.6000
Siemens / Simcenter 3D
0 < V2506.6000
Siemens / Simcenter Femap
0 < V2506.0002
Siemens / Simcenter Studio
0 < V2506.0001
Siemens / Simcenter System Architect
0 < V2506.0001
Siemens / Tecnomatix Plant Simulation
0 < V2504.0007

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-710408.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-212953.html