Vulnerabilites related to Siemens - POWER METER SICAM Q200 family
CVE-2025-40752 (GCVE-0-2025-40752)
Vulnerability from cvelistv5
Published
2025-08-12 11:17
Modified
2025-08-13 20:18
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | POWER METER SICAM Q100 |
Version: V2.60 < V2.62 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T13:30:23.184849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:18:28.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q200 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.80",
"status": "affected",
"version": "V2.70",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q200 family (All versions \u003e= V2.70 \u003c V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:17:07.776Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40752",
"datePublished": "2025-08-12T11:17:07.776Z",
"dateReserved": "2025-04-16T08:39:30.031Z",
"dateUpdated": "2025-08-13T20:18:28.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40753 (GCVE-0-2025-40753)
Vulnerability from cvelistv5
Published
2025-08-12 11:17
Modified
2025-08-13 20:18
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | POWER METER SICAM Q100 |
Version: V2.60 < V2.62 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T13:30:20.774490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:18:21.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q200 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.80",
"status": "affected",
"version": "V2.70",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q200 family (All versions \u003e= V2.70 \u003c V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:17:09.077Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40753",
"datePublished": "2025-08-12T11:17:09.077Z",
"dateReserved": "2025-04-16T08:39:30.031Z",
"dateUpdated": "2025-08-13T20:18:21.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}