Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2839 articles · 175149 vulns · 37/41 feeds (7d)
← Back to list
6.7
CVE-2025-40945EXPLOITEDPATCHED
siemens · comos

CVE-2025-40945: A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1),

Description

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Products

VendorProductVersions
siemenscomos0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

  • https://cert-portal.siemens.com/productcert/html/ssa-288252.html

Related News (1 articles)

Tier C
VulDB5h ago
CVE-2025-40945 | Siemens COMOS IAM Client SDK untrusted search path
→ No new info (linked only)
CVSS 3.16.7 MEDIUM
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
V10.4.5.0.2V10.6.1V2512.7000V2506.0003V2512.0002V2606V225.0 Update 13V226.0 Update 04V2412.0012V2506.0009V2512.2605V2404.0022V2504.0010
CWECWE-426
PublishedJul 14, 2026
Last enriched5h agov2
Trending Score47
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-56451
CVE-2026-56451: A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate
Trending: 44
HIGHCVE-2026-54429
CVE-2026-54429: A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handl
Trending: 38
HIGHCVE-2026-54801EXP
CVE-2026-54801: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base syst
Trending: 31
MEDIUMCVE-2026-54799EXP
CVE-2026-54799: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base syst
Trending: 29
MEDIUMCVE-2026-54798EXP
CVE-2026-54798: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base syst
Trending: 26

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: severity, activelyExploited
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v2
Last enriched 5h ago
v2Tier C5h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited
via VulDB
v15h ago

Initial creation