CVE-2025-40945
MEDIUM
6.7
CVSS 3.1
Description
A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
Metadata
Severity & Metrics
6.7
MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products (16)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Siemens | COMOS V10.4.5 | — | 0 < V10.4.5.0.2 |
| Siemens | COMOS V10.6 | — | 0 < V10.6.1 |
| Siemens | Designcenter NX | — | 0 < V2512.7000 |
| Siemens | Simcenter 3D | — | 0 < V2512.7000 |
| Siemens | Simcenter Femap V2506 | — | 0 < V2506.0003 |
| Siemens | Simcenter Femap V2512 | — | 0 < V2512.0002 |
| Siemens | Simcenter Nastran | — | 0 < V2606 |
| Siemens | Simcenter STAR-CCM+ | — | 0 < V2606 |
| Siemens | Solid Edge SE2025 | — | 0 < V225.0 Update 13 |
| Siemens | Solid Edge SE2026 | — | 0 < V226.0 Update 04 |
| Siemens | Teamcenter Visualization V2412 | — | 0 < V2412.0012 |
| Siemens | Teamcenter Visualization V2506 | — | 0 < V2506.0009 |
| Siemens | Teamcenter Visualization V2512 | — | 0 < V2512.2605 |
| Siemens | Tecnomatix Plant Simulation V2404 | — | 0 < V2404.0022 |
| Siemens | Tecnomatix Plant Simulation V2504 | — | 0 < V2504.0010 |
| Siemens | Tecnomatix Process Simulate | — | 0 < V2606 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-426 | cna | CWE-426: Untrusted Search Path |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.5 | HIGH | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| 6.7 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |