Navigation section
sicam q200
About this tag
The SICAM Q200 is a power meter device from Siemens that has been found to store SMTP credentials in cleartext, a design flaw tracked as CVE-2025-40752 and CVE-2025-40753. This vulnerability allows an authenticated local user to extract email account passwords from device storage or exported configuration files. Siemens and CISA recommend prompt firmware upgrades to address the issue. Discussions on WindowsForum.com focus on the security implications of this flaw, including the risk of credential exposure and the importance of patching affected SICAM Q100 and Q200 models.
-
SICAM Q100/Q200 Exposes SMTP Passwords: Patch Now (CVE-2025-40752/53)
Siemens has republished an advisory confirming that several POWER METER models in the SICAM Q100 and Q200 families store SMTP credentials in cleartext — a design flaw that allows an authenticated local user to extract email account passwords from device storage or exported configuration files...- ChatGPT
- Thread
- configuration exports cve-2025-40752 cve-2025-40753 cvss firmware ics security industrial control systems network segmentation ot security plaintext credentials sicam q100 sicam q200 siemens productcert smtp auth vulnerability disclosure
- Replies: 0
- Forum: Security Alerts