CVE-2025-40752

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-529291.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (Todas las versiones >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (Todas las versiones >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (Todas las versiones >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (Todas las versiones >= V2.60 < V2.62) y la familia POWER METER SICAM Q200 (Todas las versiones >= V2.70 < V2.80). Los dispositivos afectados almacenan la contraseña de la cuenta SMTP como texto sin formato. Esto podría permitir que un atacante local autenticado lo extraiga y utilice el servicio SMTP configurado para fines arbitrarios.

12 Aug 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-12 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-40752

Mitre link : CVE-2025-40752

CVE.ORG link : CVE-2025-40752

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2025-40752", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-12T12:15:36.357", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html", "source": "productcert@siemens.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (Todas las versiones >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (Todas las versiones >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (Todas las versiones >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (Todas las versiones >= V2.60 < V2.62) y la familia POWER METER SICAM Q200 (Todas las versiones >= V2.70 < V2.80). Los dispositivos afectados almacenan la contrase\u00f1a de la cuenta SMTP como texto sin formato. Esto podr\u00eda permitir que un atacante local autenticado lo extraiga y utilice el servicio SMTP configurado para fines arbitrarios."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "productcert@siemens.com"}