ID

VAR-202508-0343


CVE

CVE-2025-40753


TITLE

Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-19348

DESCRIPTION

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

Trust: 1.44

sources: NVD: CVE-2025-40753 // CNVD: CNVD-2025-19348

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19348

AFFECTED PRODUCTS

vendor: siemens
model: power meter sicam q100
scope: gte
version: v2.60,<v2.62

Trust: 2.4

vendor: siemens
model: power meter sicam q200 family
scope: gte
version: v2.70,<v2.80

Trust: 0.6

sources: CNVD: CNVD-2025-19348

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-40753
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-19348
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-19348
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2025-40753
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-19348 // NVD: CVE-2025-40753

PROBLEMTYPE DATA

problemtype: CWE-312

Trust: 1.0

sources: NVD: CVE-2025-40753

PATCH

title: Patch for Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/723076

Trust: 0.6

sources: CNVD: CNVD-2025-19348

EXTERNAL IDS

db: SIEMENS, id: SSA-529291

Trust: 1.6

db: NVD, id: CVE-2025-40753

Trust: 1.0

db: CNVD, id: CNVD-2025-19348

Trust: 0.6

sources: CNVD: CNVD-2025-19348 // NVD: CVE-2025-40753

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-529291.html

Trust: 1.6

sources: CNVD: CNVD-2025-19348 // NVD: CVE-2025-40753

SOURCES

db: CNVD, id: CNVD-2025-19348
db: NVD, id: CVE-2025-40753

LAST UPDATE DATE

2025-08-23T23:04:42.044000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-19348, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-40753, date: 2025-08-12T14:25:33.177

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-19348, date: 2025-08-12T00:00:00
db: NVD, id: CVE-2025-40753, date: 2025-08-12T12:15:36.530