CVE-2025-40753: Cleartext Storage of Sensitive Info in Siemens Power Meter Sicam Q100

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.0% (top 99.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12

Description

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 = V2.60 = V2.60 = V2.60 = V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 | siemens/power_meter_sicam_q100 | V2.60 | V2.62
CVEListV5 | siemens/power_meter_sicam_q200_family | V2.70 | V2.80

🔴 Vulnerability Details (2)

CVEList (2025-08-12): CVE-2025-40753: A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2
GHSA (2025-08-12): GHSA-f62w-hhpc-j73f: A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2
CVE-2025-40753 — Cleartext Storage of Sensitive Info | cvebase