Siemens POWER METER SICAM Q100
Moderate fix2 remedies
cpe:2.3:h:siemens:7kg9501-0aa01-0aa1:*:*:*:*:*:*:*, +7 more
Moderate fix2 remedies
- >= V2.60, < V2.62
Siemens SICAM Q100 and Q200 Power Meters Information Disclosure Vulnerability
Vulnerability
Patched
A vulnerability exists in certain POWER METER SICAM Q100 and Q200 devices, specifically in versions of the Q100 family prior to 2.62 and in the Q200 family versions 2.70 through 2.80. The vulnerability arises because affected devices export the SMTP account password as plain text in the configuration file. This flaw could enable an authenticated local attacker to extract the password and misuse the SMTP service for various purposes.
Impact
Exploitation of this vulnerability could lead to unauthorized use of the SMTP service, potentially allowing for the sending of emails that could be misused for phishing or other malicious activities.
Remediation
Siemens has released new versions for the affected products. For the SICAM Q100 family, users should update to the latest version. For the SICAM Q200 family, users should update to version 2.80 or later. Recommended security guidelines can be found on the Siemens Grid Security website.
Added: Aug 12, 2025, 12:32 PM
Updated: Aug 12, 2025, 2:50 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
3.1exploitability
3.5remediation
7.7relevance
0.3threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.