216.73.217.172

CVE-2025-40753

· Published 12/08/2025 12:15 · Modified 12/08/2025 14:25

Labels: CVE-2025-40753 2025-08-12CVE-2025-40753CWE-312[email protected]

Essential information

Published
12/08/2025 12:15
Modified
12/08/2025 14:25
Author
Creator
CVSS
6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / sicam q100 cpe:2.3:a:siemens:sicam_q100:2.60-2.61:*:*:*:*:*:*:*
siemens / sicam q200 cpe:2.3:a:siemens:sicam_q200:2.70-2.79:*:*:*:*:*:*:*

References