Authentication Bypass in SENTRON 7KT PAC1260 Data Manager by Siemens
CVE-2024-41791
6.9 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 8 April 2025
Summary
A significant flaw has been discovered in the web interface of the SENTRON 7KT PAC1260 Data Manager: the device does not authenticate requests for creating reports. An unauthenticated attacker who exploits this could gain unauthorized access to sensitive log files, reset the device, and manipulate the date and time settings. Organizations using affected versions should take immediate action to protect their devices.
Affected Version(s)
SENTRON 7KT PAC1260 Data Manager 0
CVSS V4
- Score: 6.9
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved