Siemens Solid Edge Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in Siemens Solid Edge SE2025, all versions prior to V225.0 Update 11, due to improper validation of client certificates when connecting to the License Service endpoint. This flaw could enable an unauthenticated remote attacker to conduct man-in-the-middle attacks.

Impact

Exploitation of this vulnerability could lead to man-in-the-middle attacks, allowing an attacker to intercept and potentially alter communications between the client and the License Service endpoint.

Remediation

Users are advised to update Solid Edge SE2025 to V225.0 Update 11 or a later version. Additional information can be found on the Siemens Support website.

Added: Nov 11, 2025, 9:37 PM
Updated: Nov 11, 2025, 9:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.