Siemens SICAM Q100/Q200

Monitor6.2ICS-CERT ICSA-25-226-16Aug 12, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SICAM Q100 (firmware 2.60–2.61) and SICAM Q200 family (firmware 2.70–2.79) contain information disclosure vulnerabilities in how SMTP account credentials are stored. An authenticated local attacker could extract the SMTP password and use it to send unauthorized emails through your organization's configured mail service. These vulnerabilities are not exploitable remotely. Siemens has released patched firmware versions (Q100 v2.62, Q200 v2.80) that address the issue.

What this means

What could happen

An authenticated local attacker could extract the SMTP password stored on the power meter and use it to send emails through your organization's mail server, potentially for phishing or other unauthorized communications.

Who's at risk

Energy utilities operating Siemens SICAM Q100 or Q200 power meters should assess this risk. These meters are typically used for power quality monitoring and billing in substations and distribution centers. Any SICAM Q100 running firmware 2.60–2.61 or SICAM Q200 running firmware 2.70–2.79 is vulnerable.

How it could be exploited

An attacker with local access to the SICAM Q100 or Q200 device could read the stored SMTP credentials from device memory or configuration files, then use those credentials to authenticate to your mail server and send arbitrary emails.

Prerequisites

Local physical or console access to the SICAM Q100 or Q200 device
Device must be running a vulnerable firmware version (Q100 2.60–2.61, Q200 2.70–2.79)
Valid user account or ability to access the device interface

Local access required (not remotely exploitable)Requires user authentication or physical accessCould expose mail server credentialsAffects utility communication infrastructure

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

POWER METER SICAM Q100≥ 2.60, < 2.622.62

POWER METER SICAM Q200 family≥ 2.70, < 2.802.80

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict physical and console access to SICAM Q100 and Q200 devices to authorized personnel only

WORKAROUNDChange the SMTP account password configured in the SICAM device to a strong, unique credential not used elsewhere

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SICAM Q100 to firmware version 2.62 or later

HOTFIXUpdate SICAM Q200 to firmware version 2.80 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate SICAM devices behind a firewall from business networks and the internet

CVEs (2)

CVE-2025-40752 CVE-2025-40753

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/db4b8af4-4b05-4ee1-bd92-4a39e523c6c6