CVE-2025-40753 PUBLISHED

Assigner: siemens
Reserved: 16.04.2025 Published: 12.08.2025 Updated: 12.08.2025

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.8

Product Status

Vendor Siemens
Product POWER METER SICAM Q100
Versions Default: unknown
  • affected from V2.60 to V2.62 (excl.)
Vendor Siemens
Product POWER METER SICAM Q100
Versions Default: unknown
  • affected from V2.60 to V2.62 (excl.)
Vendor Siemens
Product POWER METER SICAM Q100
Versions Default: unknown
  • affected from V2.60 to V2.62 (excl.)
Vendor Siemens
Product POWER METER SICAM Q100
Versions Default: unknown
  • affected from V2.60 to V2.62 (excl.)
Vendor Siemens
Product POWER METER SICAM Q200 family
Versions Default: unknown
  • affected from V2.70 to V2.80 (excl.)

References

Problem Types

  • CWE-312: Cleartext Storage of Sensitive Information CWE