CVE-2025-40801

N/A

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions < V2506.0001), Simcenter System Architect (All versions < V2506.0001), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

证书验证不恰当

Siemens多款产品 信任管理问题漏洞

Siemens NX等都是德国西门子（Siemens）公司的产品。Siemens NX是Siemens COMOS是一个流程工业运营管理软件。Siemens JT Bi-Directional Translator for STEP是一个数据转换工具。 Siemens多款产品存在信任管理问题漏洞，该漏洞源于缺少服务器证书验证，可能导致中间人攻击。以下产品受到影响：Siemens COMOS、JT Bi-Directional Translator for STEP、NX、Simcenter Studio、

N/A

N/A