Path Traversal Vulnerability in SENTRON 7KT PAC1260 Data Manager by Siemens
CVE-2024-41792

9.2 CRITICAL

Key Information:

Vendor: Siemens
CVE Published: 8 April 2025

Summary

A path traversal vulnerability exists in the web interface of the SENTRON 7KT PAC1260 Data Manager, allowing unauthenticated attackers to gain access to arbitrary files with root privileges. This serious security flaw can lead to unauthorized data exposure and potential compromise of device integrity. Users of this device should take immediate action to secure their systems against possible exploitation by applying the necessary patches or workarounds.

Affected Version(s)

SENTRON 7KT PAC1260 Data Manager 0

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
