
Siemens Advanced Licensing (SALT) Toolkit

Published:

11 December 2025 at 12:00:00

Alert date:

12 December 2025 at 02:01:39

Source:

cisa.gov

CISA advisory about a critical vulnerability (CVE-2025-40801) in Siemens Advanced Licensing (SALT) Toolkit affecting multiple Siemens products. The vulnerability involves improper certificate validation that could allow unauthenticated remote attackers to perform man-in-the-middle attacks. CVSS v4 score of 9.2 indicates high severity. Affects products including COMOS, NX, Simcenter, and Tecnomatix Plant Simulation with varying availability of fixes.

Technical details

The SALT SDK does not validate the server certificate when establishing TLS connections to the authorization server (improper certificate validation, CWE-295). Because the client accepts whatever certificate it is presented with, an unauthenticated remote attacker could perform man-in-the-middle attacks; the vulnerability is exploitable remotely with low attack complexity. It has a CVSS v3.1 base score of 8.1 and a CVSS v4 base score of 9.2.
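To make the CWE-295 condition concrete, the following is an added example in Go; it is not code from Siemens, CISA or the SALT SDK, and the host names and certificate are constructed test data. It starts a loopback TLS server with a self-signed certificate that stands in for an untrusted authorization server, then compares four client configurations: verification disabled (the pattern the advisory describes), default verification, an explicit trust anchor with a matching name, and the same trust anchor with a mismatched name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Constructed name for the stand-in authorization server; not a Siemens endpoint.
const authHost = "auth.example.test"

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newSelfSignedCert builds a throwaway certificate that no default trust store
// vouches for; a client that skips validation cannot tell it from a forged one.
func newSelfSignedCert(host string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serve answers handshakes on loopback so that the client's verification
// decision alone determines whether a connection succeeds.
func serve(cert tls.Certificate) net.Listener {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	must(err)
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				_ = c.(*tls.Conn).Handshake()
			}(c)
		}
	}()
	return ln
}

// accepted reports whether a client using cfg completes the TLS handshake.
func accepted(addr string, cfg *tls.Config) bool {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return false
	}
	conn.Close()
	return true
}

// Outcome records how each client configuration treats the untrusted certificate.
type Outcome struct {
	SkipVerifyAccepted bool // CWE-295 pattern: verification disabled, anything accepted
	DefaultRejected    bool // default verification: untrusted issuer rejected
	PinnedAccepted     bool // explicit trust anchor and matching name: accepted
	WrongNameRejected  bool // same trust anchor, wrong expected name: rejected
}

// Run exercises the four client configurations against the local server.
func Run() Outcome {
	cert := newSelfSignedCert(authHost)
	ln := serve(cert)
	defer ln.Close()
	addr := ln.Addr().String()
	pool := x509.NewCertPool() // the hardened client's explicit trust anchor
	pool.AddCert(cert.Leaf)
	return Outcome{
		SkipVerifyAccepted: accepted(addr, &tls.Config{ServerName: authHost, InsecureSkipVerify: true}),
		DefaultRejected:    !accepted(addr, &tls.Config{ServerName: authHost}),
		PinnedAccepted:     accepted(addr, &tls.Config{ServerName: authHost, RootCAs: pool}),
		WrongNameRejected:  !accepted(addr, &tls.Config{ServerName: "other.example.test", RootCAs: pool}),
	}
}

func main() {
	fmt.Printf("%+v\n", Run())
}
```

The first result is the behaviour the advisory describes: a client that never checks the chain cannot distinguish the real authorization server from an impersonator, which is why the advisory rates the attack as low complexity. The remaining three show what correct validation looks like: an untrusted issuer fails the handshake, an explicitly trusted anchor succeeds, and even a trusted anchor is rejected when the expected host name does not match, so both checks have to stay enabled.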

Mitigation steps:

Update affected products to the fixed versions: NX V2412 to V2412.8900 or later; NX V2506 to V2506.6000 or later; Tecnomatix Plant Simulation to V2504.0007 or later; Simcenter Femap to V2506.0002 or later; Simcenter 3D to V2506.6000 or later.
No fix is currently available for COMOS V10.6, Simcenter Studio or Simcenter System Architect, and no fix is planned for JT Bi-Directional Translator for STEP.
Minimize network exposure for control system devices and ensure they are not accessible from the internet; locate control system networks behind firewalls; use VPNs for remote access; implement defense-in-depth strategies; and follow the Siemens operational guidelines for industrial security.

Affected products:

COMOS V10.6: All versions
JT Bi-Directional Translator for STEP: All versions
NX V2412: Versions prior to 2412.8900
NX V2506: Versions prior to 2506.6000
Simcenter 3D: Versions prior to 2506.6000
Simcenter Femap: Versions prior to 2506.0002
Simcenter Studio: All versions
Simcenter System Architect: All versions
Tecnomatix Plant Simulation: Versions prior to 2504.0007

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information obtained from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
