---
title: "Siemens SALT Toolkit Vulnerability Exposes Systems to MITM Attacks"
short_title: "Siemens SALT flaw enables MITM attacks"
description: "Critical vulnerability in Siemens Advanced Licensing (SALT) Toolkit allows remote attackers to perform man-in-the-middle attacks. Learn mitigation steps now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [siemens, cve-2025-40801, mitm, industrial-security, tls]
score: 0.85
cve_ids: [CVE-2025-40801]
---
### TL;DR
A critical vulnerability in Siemens' Advanced Licensing (SALT) Toolkit (CVE-2025-40801) exposes multiple Siemens products to man-in-the-middle (MITM) attacks due to improper certificate validation. With a CVSS v4 score of 9.2, this flaw allows unauthenticated remote attackers to intercept and manipulate communications. Siemens has released patches for most affected products, but some remain unaddressed.
---
### Critical Siemens SALT Toolkit Flaw Enables Remote Exploitation
Siemens has disclosed a high-severity vulnerability in its Advanced Licensing (SALT) Toolkit, which could allow attackers to perform man-in-the-middle (MITM) attacks on affected systems. The flaw, tracked as CVE-2025-40801, stems from improper certificate validation during TLS connections to the authorization server. With a CVSS v4 score of 9.2, this vulnerability poses a significant risk to organizations using Siemens' industrial and engineering software.
#### Key Points
- Vulnerability: Improper certificate validation in the SALT Toolkit (CVE-2025-40801).
- Severity: CVSS v4 score of 9.2 (Critical) and CVSS v3.1 score of 8.1 (High).
- Impact: Unauthenticated remote attackers can perform MITM attacks, intercepting or altering sensitive data.
- Affected Products: Multiple Siemens software products, including NX, Simcenter, Tecnomatix, and COMOS.
- Mitigation: Siemens has released patches for most affected products, but no fixes are planned for some, including JT Bi-Directional Translator for STEP and Simcenter Studio.
---
### Technical Details
#### Affected Products
Siemens has identified the following products as vulnerable to CVE-2025-40801:
- COMOS V10.6: All versions (no fix planned).
- JT Bi-Directional Translator for STEP: All versions (no fix planned).
- NX V2412: Versions prior to 2412.8900.
- NX V2506: Versions prior to 2506.6000.
- Simcenter 3D: Versions prior to 2506.6000.
- Simcenter Femap: Versions prior to 2506.0002.
- Simcenter Studio: All versions (no fix available).
- Simcenter System Architect: All versions (no fix available).
- Tecnomatix Plant Simulation: Versions prior to 2504.0007.
#### Vulnerability Overview
The SALT Toolkit fails to validate server certificates during TLS connections to the authorization server. This oversight enables attackers to intercept, modify, or redirect traffic between the client and server, leading to potential data breaches or unauthorized access.
- CWE-295: Improper Certificate Validation.
- Attack Vector: Remote exploitation with low attack complexity.
- Impact: High impact on confidentiality, integrity, and availability.
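The certificate-validation failure described above, beside the corrected client configuration and a fingerprint-pinning check that an operator could use as a compensating control for products without a fix, shown as an added example. This is not Siemens' SALT Toolkit code (which is not public); the `ssl`-based contexts, the audit helper and the constructed `SAMPLE_DER` bytes are illustrative assumptions.

```python
from typing import List, Optional
import hashlib
import hmac
import ssl

# Constructed stand-in for a DER-encoded leaf certificate (not a real cert);
# in practice the bytes come from SSLSocket.getpeercert(binary_form=True).
SAMPLE_DER = b"\x30\x82\x01\x00constructed-licensing-server-cert"


def vulnerable_client_context() -> ssl.SSLContext:
    """The CWE-295 pattern: a client that completes the handshake with any
    certificate, so a network-position attacker's cert is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain is never checked against a CA
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The fix: chain validated against a trust store and bound to the
    server name. cafile can restrict trust to a private licensing CA."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Findings for a context that would let a MITM impersonate the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server chain unvalidated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: cert not bound to server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows pre-TLS 1.2 protocols")
    return findings


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, lowercase hex, no colons."""
    return hashlib.sha256(der_cert).hexdigest()


def cert_matches_pin(der_cert: bytes, expected_sha256: str) -> bool:
    """Compensating control for unpatched clients: compare the presented leaf
    cert with a fingerprint recorded from a trusted connection. Accepts the
    'AB:CD:..' form that openssl and browsers display."""
    expected = expected_sha256.replace(":", "").lower()
    return hmac.compare_digest(cert_fingerprint(der_cert), expected)
```

Running `audit_client_context` against the context a licensing client actually builds is a quick way to confirm whether it falls into the CWE-295 class; the pin check adds a second barrier on hosts that cannot be updated.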
---
### Impact Assessment
#### Potential Consequences
Successful exploitation of CVE-2025-40801 could have severe implications for organizations, including:
- Data Interception: Attackers can capture sensitive licensing or operational data.
- Unauthorized Access: Compromised communications may allow attackers to gain control over affected systems.
- Operational Disruption: MITM attacks can disrupt industrial processes, particularly in the critical manufacturing sector.
#### Industry Risk
- Critical Infrastructure: Siemens products are widely used in critical manufacturing, making this vulnerability particularly concerning for industrial environments.
- Global Deployment: Affected products are deployed worldwide, increasing the potential attack surface.
---
### Mitigation Steps
Siemens has provided the following workarounds and patches to mitigate the risk:
#### Patches and Updates
- NX V2412: Update to V2412.8900 or later.
- NX V2506: Update to V2506.6000 or later.
- Simcenter 3D: Update to V2506.6000 or later.
- Simcenter Femap: Update to V2506.0002 or later.
- Tecnomatix Plant Simulation: Update to V2504.0007 or later.
#### Unpatched Products
- COMOS V10.6, Simcenter Studio, and Simcenter System Architect: No fixes are currently available.
- JT Bi-Directional Translator for STEP: No fix is planned.
#### General Security Recommendations
Siemens and CISA recommend the following measures to reduce risk:
1. Network Protection: Restrict network access to affected devices and isolate them from business networks.
2. Firewalls: Deploy firewalls to segment control system networks.
3. Remote Access: Use secure methods like VPNs for remote access, ensuring they are updated to the latest version.
4. Industrial Security Guidelines: Follow Siemens' [operational guidelines for industrial security](https://www.siemens.com/cert/operational-guidelines-industrial-security).
5. Monitoring: Implement intrusion detection systems to identify suspicious activity.
For more details, refer to Siemens' [security advisory SSA-710408](https://cert-portal.siemens.com/productcert/html/ssa-710408.html).
---
### Conclusion
The CVE-2025-40801 vulnerability in Siemens' SALT Toolkit highlights the critical importance of proper certificate validation in industrial software. While patches are available for most affected products, organizations using unpatched systems must implement compensating controls to mitigate risk. Given the global deployment of Siemens products in critical infrastructure, immediate action is essential to prevent potential exploitation.
Organizations are urged to:
- Apply patches where available.
- Monitor network traffic for signs of MITM attacks.
- Follow CISA and Siemens' security recommendations to harden their environments.
---
### References
[^1]: Siemens ProductCERT. "[SSA-710408: Vulnerability in SALT Toolkit](https://cert-portal.siemens.com/productcert/html/ssa-710408.html)". Retrieved 2025-01-24.
[^2]: CISA. "[ICS Advisory ICSA-25-345-05](https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-05)". Retrieved 2025-01-24.
[^3]: MITRE. "[CWE-295: Improper Certificate Validation](https://cwe.mitre.org/data/definitions/295.html)". Retrieved 2025-01-24.