PT-2025-32656 · Siemens · Sicam Q200+1
Published
2025-08-12
·
Updated
2025-08-12
·
CVE-2025-40753
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
POWER METER SICAM Q100 versions 2.60 through 2.61
POWER METER SICAM Q200 versions 2.70 through 2.79
Description:
Affected devices export the password for the SMTP account as plain text in the configuration file. This could allow an authenticated local attacker to extract the password and use the configured SMTP service for arbitrary purposes.
Recommendations:
POWER METER SICAM Q100 versions 2.60 through 2.61: Update to a version greater than or equal to 2.62.
POWER METER SICAM Q200 versions 2.70 through 2.79: Update to a version greater than or equal to 2.80.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sicam Q100
Sicam Q200