Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-40753

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-12 Aug, 2025 | 11:17
Updated At-13 Aug, 2025 | 20:18
Rejected At-
Credits

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:12 Aug, 2025 | 11:17
Updated At:13 Aug, 2025 | 20:18
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

Affected Products
Vendor
Siemens AGSiemens
Product
POWER METER SICAM Q100
Default Status
unknown
Versions
Affected
  • From V2.60 before V2.62 (custom)
Vendor
Siemens AGSiemens
Product
POWER METER SICAM Q100
Default Status
unknown
Versions
Affected
  • From V2.60 before V2.62 (custom)
Vendor
Siemens AGSiemens
Product
POWER METER SICAM Q100
Default Status
unknown
Versions
Affected
  • From V2.60 before V2.62 (custom)
Vendor
Siemens AGSiemens
Product
POWER METER SICAM Q100
Default Status
unknown
Versions
Affected
  • From V2.60 before V2.62 (custom)
Vendor
Siemens AGSiemens
Product
POWER METER SICAM Q200 family
Default Status
unknown
Versions
Affected
  • From V2.70 before V2.80 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-312CWE-312: Cleartext Storage of Sensitive Information
Type: CWE
CWE ID: CWE-312
Description: CWE-312: Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-529291.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-529291.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:12 Aug, 2025 | 12:15
Updated At:12 Aug, 2025 | 14:25

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-312Primaryproductcert@siemens.com
CWE ID: CWE-312
Type: Primary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-529291.htmlproductcert@siemens.com
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-529291.html
Source: productcert@siemens.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2025-40752
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-13 Aug, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.

Action-Not Available
Vendor-Siemens AG
Product-POWER METER SICAM Q200 familyPOWER METER SICAM Q100
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-43781
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.03%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-10 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions.

Action-Not Available
Vendor-Siemens AG
Product-SINUMERIK 828D V4SINUMERIK 840D sl V4SINUMERIK ONE
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-35212
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.29% / 51.90%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 11:15
Updated-11 Feb, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries.

Action-Not Available
Vendor-Siemens AG
Product-sinec_traffic_analyzerSINEC Traffic Analyzersinec_traffic_analyzer
CWE ID-CWE-20
Improper Input Validation
CVE-2024-35211
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 11:15
Updated-11 Feb, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).

Action-Not Available
Vendor-Siemens AG
Product-sinec_traffic_analyzerSINEC Traffic Analyzer
CWE ID-CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2025-40572
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to access sensitive information stored on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-25267
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.

Action-Not Available
Vendor-Siemens AG
Product-Tecnomatix Plant Simulation V2404Tecnomatix Plant Simulation V2302
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-30757
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.2||MEDIUM
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:17
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

Action-Not Available
Vendor-Siemens AG
Product-totally_integrated_automation_portalTotally Integrated Automation Portal (TIA Portal) V15Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V15.1Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V19Totally Integrated Automation Portal (TIA Portal) V20
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2023-23588
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.48%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:03
Updated-15 Oct, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

Action-Not Available
Vendor-microchipSiemens AG
Product-maxview_storage_managersimatic_ipc1047_firmwaresimatic_ipc847esimatic_ipc647d_firmwaresimatic_ipc1047esimatic_ipc647esimatic_ipc647dsimatic_ipc847dsimatic_ipc847d_firmwaresimatic_ipc1047SIMATIC IPC847DSIMATIC IPC847ESIMATIC IPC647ESIMATIC IPC1047SIMATIC IPC647DSIMATIC IPC1047E
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-40363
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.35%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_winccsimatic_pcs_7SIMATIC WinCC V15 and earlierSIMATIC WinCC V17SIMATIC PCS 7 V9.1SIMATIC PCS 7 V9.0SIMATIC WinCC V7.4SIMATIC WinCC V7.5SIMATIC WinCC V16SIMATIC PCS 7 V8.2
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-19291
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.88%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)SiNVR/SiVMS Video Server
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-38877
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.3||HIGH
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 10:36
Updated-20 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.

Action-Not Available
Vendor-Siemens AG
Product-omnivise_t3000_domain_controlleromnivise_t3000_thin_clientomnivise_t3000_application_serveromnivise_t3000_product_data_managementomnivise_t3000_network_intrusion_detection_systemomnivise_t3000_whitelisting_serveromnivise_t3000_terminal_serverOmnivise T3000 Product Data Management (PDM) R9.2Omnivise T3000 Thin Client R9.2Omnivise T3000 Terminal Server R9.2Omnivise T3000 Security Server R9.2Omnivise T3000 Application Server R9.2Omnivise T3000 Domain Controller R9.2Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2Omnivise T3000 R8.2 SP4Omnivise T3000 R8.2 SP3Omnivise T3000 Whitelisting Server R9.2omnivise_t3000_domain_controlleromnivise_t3000_nidsomnivise_t3000_security_serveromnivise_t3000_thin_clientomnivise_t3000_application_serveromnivise_t3000_whitelisting_serveromnivise_t3000_terminal_serveromnivise_t3000_pdim
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-13947
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 39.97%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)
CWE ID-CWE-317
Cleartext Storage of Sensitive Information in GUI
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-46141
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 1.19%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:25
Updated-25 Nov, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-simatic_step_7SIMATIC STEP 7 (TIA Portal)
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-43958
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.60%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

Action-Not Available
Vendor-Siemens AG
Product-qms_automotiveQMS Automotive
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-31486
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6||MEDIUM
EPSS-0.06% / 16.98%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-13 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.

Action-Not Available
Vendor-Siemens AG
Product-OPUPI0 AMQP/MQTT
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-10053
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.11%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-33716
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.48%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cp_1545-1simatic_cp_1543-1_firmwaresimatic_cp_1543-1simatic_cp_1545-1_firmwareSIMATIC CP 1545-1SIMATIC CP 1543-1 (incl. SIPLUS variants)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-53651
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 2.18%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-11 Feb, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 7SA87 (CP200)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7SD86 (CP200)
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-39674
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.28%
||
7 Day CHG~0.00%
Published-25 Jul, 2024 | 11:42
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-42284
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 01:45
Updated-07 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx_a100NVIDIA DGX servers
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-4737
Matching Score-4
Assigner-TECNO Mobile Limited
ShareView Details
Matching Score-4
Assigner-TECNO Mobile Limited
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 07:58
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage.

Action-Not Available
Vendor-TECNO MOBILE LIMITED
Product-com.transsion.aivoiceassistant
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-6785
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 5.83%
||
7 Day CHG~0.00%
Published-21 Sep, 2024 | 04:07
Updated-27 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MXview One and MXview One Central Manager Series store cleartext credentials in a local file

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

Action-Not Available
Vendor-Moxa Inc.
Product-mxview_onemxview_one_central_managerMXview One Central Manager SeriesMXview One Series
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-24964
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:35
Updated-12 Mar, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-22878
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-19 May, 2023 | 15:53
Updated-21 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
Details not found