Full Report
Solid Edge is affected by improper certificate validation while connecting to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released a new version for Solid Edge SE2025 and recommends to update to the latest version.
Analysis Summary
# Vulnerability: Improper Certificate Validation in Siemens Solid Edge
## CVE Details
- **CVE ID:** CVE-2025-40744
- **CVSS Score:**
- CVSS v4.0: **8.7 (High)**
- CVSS v3.1: **7.5 (High)**
- **CWE:** CWE-295: Improper Certificate Validation
## Affected Systems
- **Products:** Siemens Solid Edge SE2025
- **Versions:** All versions prior to V225.0 Update 11
- **Configurations:** Systems utilizing the License Service endpoint for product activation or management.
## Vulnerability Description
Solid Edge SE2025 fails to properly validate the certificates presented by the License Service endpoint during the connection process. In a secure TLS/SSL handshake, the client should verify that the server's certificate is signed by a trusted Certificate Authority (CA) and matches the expected identity. Because this validation is missing or improper, the application will accept any certificate provided by a server.
## Exploitation
- **Status:** Not exploited (No known reports of active exploitation in the wild or public PoC).
- **Complexity:** Low (The flaw is inherent in the communication logic).
- **Attack Vector:** Network (An attacker must be positioned to intercept traffic between the client and the License Service).
## Impact
- **Confidentiality:** High (An attacker can decrypt and view sensitive communication).
- **Integrity:** None (Based on CVSS:3.1/CVSS:4.0 vectors provided).
- **Availability:** None.
*Note: This vulnerability primarily facilitates Man-in-the-Middle (MitM) attacks to compromise the confidentiality of the license-related data exchange.*
## Remediation
### Patches
Siemens recommends updating to the following version or later:
- **Solid Edge SE2025:** Update to **V225.0 Update 11**
### Workarounds
No specific product workarounds were provided. Siemens recommends following general security practices:
- Protect network access to devices with appropriate security mechanisms (firewalls, VLANs).
- Operate in protected IT environments according to Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unusual network traffic patterns or unexpected IP addresses acting as the License Service endpoint.
- **Detection Methods:** Network security monitoring and SSL/TLS inspection tools can be used to identify non-standard or untrusted certificates being utilized during the handshake process with Siemens endpoints.
## References
- **Siemens Security Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-522291[.]html
- **Siemens Support Portal:** hxxps[://]support[.]sw[.]siemens[.]com/product/246738425/
- **Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security