VDB

GCVE-110-NCSC-2025-357

GCVE-110-NCSC-2025-357
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published November 11, 2025
A vulnerability in all versions of POWER METER SICAM Q100 prior to V2.60 allows Cross-Site Request Forgery attacks via the web interface, enabling unauthorized actions through deceptive links clicked by authenticated users.

Weaknesses (CWE)

CWE-352Cross-Site Request Forgery (CSRF)CWE-732Incorrect Permission Assignment for Critical ResourceCWE-184Incomplete List of Disallowed InputsCWE-420Unprotected Alternate ChannelCWE-648Incorrect Use of Privileged APIsCWE-266Incorrect Privilege AssignmentCWE-829Inclusion of Functionality from Untrusted Control SphereCWE-125Out-of-bounds ReadCWE-295Improper Certificate ValidationCWE-209Generation of Error Message Containing Sensitive InformationCWE-427Uncontrolled Search Path ElementCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-306Missing Authentication for Critical Function

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Siemensvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›