Siemens Family Security Update Advisory
Overview
We have released a security update that fixes vulnerabilities in the Siemens family of products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-40587
Polarion V2404 versions: V2404.5 and earlier
Polarion V2410 versions: V2410.2 and earlier
CVE-2026-22923
NX versions: V2512 and earlier
CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720
Simcenter Femap versions: V2512 and earlier
Simcenter Nastran versions: V2512 and earlier
CVE-2026-25655
SINEC NMS versions: V4.0 SP2 and earlier
User Management Component (UMC) versions: V2.15.2.1 or earlier
CVE-2026-25656
SINEC NMS versions: All versions
User Management Component (UMC) versions: Before V2.15.2.1
Resolved Vulnerabilities
Cross-site scripting vulnerability in Polarion (CVE-2025-40587)
Data validation vulnerability in NX (CVE-2026-22923)
Out-of-bounds write vulnerability when parsing specially crafted XDB files in Simcenter Femap and Nastran (CVE-2026-23715)
Out-of-bounds read vulnerability in Simcenter Femap and Nastran when parsing specially crafted XDB files (CVE-2026-23716)
Out-of-bounds read vulnerability in Simcenter Femap and Nastran when parsing specially crafted XDB files (CVE-2026-23717)
Out-of-bounds read vulnerability in Simcenter Femap and Nastran when parsing specially crafted NDB files (CVE-2026-23718)
Heap-based buffer overflow vulnerability in Simcenter Femap and Nastran when parsing specially crafted NDB files (CVE-2026-23719)
Out-of-bounds read vulnerability when parsing specially crafted NDB files in Simcenter Femap and Nastran (CVE-2026-23720)
Local administrator privilege escalation vulnerability in SINEC NMS and User Management Component (UMC) (CVE-2026-25655)
Local SYSTEM privilege escalation vulnerability in SINEC NMS and User Management Component (UMC) (CVE-2026-25656)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-40587
Polarion version: V2404.5 or later
Polarion version: V2410.2 or later
CVE-2026-22923
NX version: V2512 and later
CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720
Simcenter Femap version: V2512 and later
Simcenter Nastran version: V2512 and later
CVE-2026-25655
SINEC NMS version: V4.0 SP2 or later
User Management Component (UMC) version: V2.15.2.1 or later
CVE-2026-25656
User Management Component (UMC) version: V2.15.2.1 or later
References
[1] SSA-035571: Cross Site Scripting Vulnerability in Polarion Before V2506
https://cert-portal.siemens.com/productcert/html/ssa-035571.html
[2] SSA-535115: Data Validation Vulnerability in NX Before V2512
https://cert-portal.siemens.com/productcert/html/ssa-535115.html
[3] SSA-965753: Multiple File Parsing Vulnerabilities in Simcenter Femap and Nastran Before V2512
https://cert-portal.siemens.com/productcert/html/ssa-965753.html
[4] SSA-311973: Multiple Local Privilege Escalation Vulnerabilities in SINEC NMS and User Management Component (UMC)
https://cert-portal.siemens.com/productcert/html/ssa-311973.html