Detections
Analytics

Siemens Solid Edge Improper Certificate Validation (SSA-981622)

low Nessus Plugin ID 307012

Language:

Synopsis

A CAD application installed on the remote Windows host is affected by an improper certificate validation vulnerability.

Description

The version of Siemens Solid Edge installed on the remote Windows host is SE2025 prior to V225.0 Update 13 or SE2026 prior to V226.0 Update 04. It is, therefore, affected by an improper certificate validation vulnerability.

 - Affected applications do not properly validate client certificates to connect to Analytics Service endpoint.
 This could allow an unauthenticated remote attacker to perform man in the middle attacks. (CVE-2025-40745)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Siemens Solid Edge SE2025 V225.0 Update 13 / SE2026 V226.0 Update 04 or later.

See Also

https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Plugin Details

Severity: Low

ID: 307012

File Name: siemens_solid_edge_SSA-981622.nasl

Version: 1.2

Type: Local

Agent: windows

Family: Windows

Published: 4/17/2026

Updated: 4/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2025-40745

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:siemens:solid_edge

Required KB Items: installed_sw/Solid Edge

Exploit Ease: No known exploits are available

Patch Publication Date: 4/14/2026

Vulnerability Publication Date: 4/14/2026

Reference Information

CVE: CVE-2025-40745

IAVA: 2026-A-0331