You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-40752
About this tag
CVE-2025-40752 is a security vulnerability affecting Siemens SICAM Q100 and Q200 power meter devices. The flaw involves SMTP credentials being stored in cleartext, allowing an authenticated local user to extract email account passwords from device storage or exported configuration files. This vulnerability is part of a pair (CVE-2025-40752 and CVE-2025-40753) with a CVSS v4 score of 6.8. Siemens and CISA recommend immediate firmware upgrades to mitigate the risk. Discussions on WindowsForum cover the advisory details, affected models, and remediation steps for asset owners and operators.
Siemens has republished an advisory confirming that several POWER METER models in the SICAM Q100 and Q200 families store SMTP credentials in cleartext — a design flaw that allows an authenticated local user to extract email account passwords from device storage or exported configuration files...