Description
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- Siemens / Siemens Software Center0 – V3.5.8.2
- Siemens / Simcenter 3D0 – V2506.6000
- Siemens / Simcenter Femap0 – V2506.0002
- Siemens / Simcenter STAR-CCM+0 – V2602
- Siemens / Solid Edge SE20250 – V225.0 Update 13
- Siemens / Solid Edge SE20260 – V226.0 Update 04
- Siemens / Tecnomatix Plant Simulation0 – V2504.0008