CISA 2026-04-21

Siemens Analytics Toolkit

CVE-2025-40745

Machine-generated analysis · WAYSCloud LLM

The advisory notes that the same vulnerability (CVE-2025-40745) affects multiple Siemens engineering applications through the Analytics Toolkit. Updates are available for each affected product, with specific version targets provided.

Context

Siemens Analytics Toolkit is a software component used in several Siemens engineering applications, including Simcenter 3D, Solid Edge, and Tecnomatix Plant Simulation. The advisory states that improper certificate validation in the toolkit could allow an unauthenticated remote attacker to perform man-in-the-middle attacks. The source indicates these products are used in critical manufacturing sectors worldwide.

Operator considerations

Check: Inventory installations of Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation.
Patch: Update to the specific version listed in the advisory for each product (e.g., Siemens Software Center to 3.5.8.2 or later).

From Cybersecurity and Infrastructure Security Agency ↗

Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The following versions of Siemens Analytics Toolkit are affected:

Siemens Software Center vers:intdot/

Read the full advisory on CISA →