PatchSiren cyber security CVE debrief
CVE-2025-40945 Siemens CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T10:16:30.783Z and has not been modified since then. A vulnerability in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access. The CVSS score is 8.5, indicating high severity. Users of COMOS V10.4.5, COMOS V10.6, Designcenter NX, Simcenter 3D, Simcenter Femap, Simcenter Nastran, Simcenter STAR-CCM+, Solid Edge, Teamcenter Visualization, Tecnomatix Plant Simulation, and Tecnomatix Process Simulate should review and apply patches.
- Vendor
- Siemens
- Product
- COMOS V10.4.5
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-14
Who should care
Users of COMOS V10.4.5, COMOS V10.6, Designcenter NX, Simcenter 3D, Simcenter Femap, Simcenter Nastran, Simcenter STAR-CCM+, Solid Edge, Teamcenter Visualization, Tecnomatix Plant Simulation, and Tecnomatix Process Simulate should review and apply patches. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for these products.
Technical summary
A vulnerability in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access. The CVSS score is 8.5, indicating high severity. This vulnerability affects multiple Siemens products including COMOS V10.4.5, COMOS V10.6, Designcenter NX, Simcenter 3D, Simcenter Femap V2506, Simcenter Femap V2512, Simcenter Nastran, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026, Teamcenter Visualization V2412, Teamcenter Visualization V2506, Teamcenter Visualization V2512, Tecnomatix Plant Simulation V2404, Tecnomatix Plant Simulation V2504, and Tecnomatix Process Simulate.
Defensive priority
High priority due to potential for privilege escalation via local access. Immediate review and patching recommended.
Recommended defensive actions
- Review and apply patches for affected products
- Implement compensating controls for local access
- Monitor for suspicious activity
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
Evidence is limited; verify affected products and apply patches. Monitor for updates from Siemens. Limited source detail available; verify affected scope and apply patches. Evidence grounding suggests potential for privilege escalation via local access.
Official resources
-
CVE-2025-40945 CVE record
CVE.org
-
CVE-2025-40945 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T10:16:30.783Z and has not been modified since then.