Siemens SALT TLS Certificate Validation Vulnerability
🔒The Siemens SALT SDK used by multiple engineering and simulation products fails to validate server TLS certificates, creating a risk of man-in-the-middle attacks by unauthenticated remote actors. Assigned CVE-2025-40801 with a CVSS v4 base score of 9.2, the issue affects COMOS, NX, Simcenter, Tecnomatix and others. Siemens has published updates for some versions while several products currently have no available fix; affected systems should be isolated, patched where possible, and protected behind properly configured firewalls and secure remote access solutions.
