ID

VAR-202508-0342


CVE

CVE-2025-40752


TITLE

Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-19348

DESCRIPTION

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

Trust: 1.44

sources: NVD: CVE-2025-40752 // CNVD: CNVD-2025-19348

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19348

AFFECTED PRODUCTS

vendor: siemens
model: power meter sicam q100
scope: gte
version: v2.60,<v2.62

Trust: 2.4

vendor: siemens
model: power meter sicam q200 family
scope: gte
version: v2.70,<v2.80

Trust: 0.6

sources: CNVD: CNVD-2025-19348

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40752
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-19348
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-19348
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2025-40752
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-19348 // NVD: CVE-2025-40752

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

sources: NVD: CVE-2025-40752

PATCH

title: Patch for Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/723076

Trust: 0.6

sources: CNVD: CNVD-2025-19348

EXTERNAL IDS

db: SIEMENS, id: SSA-529291

Trust: 1.6

db: NVD, id: CVE-2025-40752

Trust: 1.0

db: CNVD, id: CNVD-2025-19348

Trust: 0.6

sources: CNVD: CNVD-2025-19348 // NVD: CVE-2025-40752

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-529291.html

Trust: 1.6

sources: CNVD: CNVD-2025-19348 // NVD: CVE-2025-40752

SOURCES

db: CNVD, id: CNVD-2025-19348
db: NVD, id: CVE-2025-40752

LAST UPDATE DATE

2025-08-23T23:04:42.061000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-19348, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-40752, date: 2025-08-12T14:25:33.177

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-19348, date: 2025-08-12T00:00:00
db: NVD, id: CVE-2025-40752, date: 2025-08-12T12:15:36.357