Remote Access Vulnerability in SENTRON 7KT PAC1260 Data Manager by Siemens
CVE-2024-41793

7.7HIGH

Key Information:

Vendor: Siemens
Status: Sentron 7kt Pac1260 Data Manager
Vendor: CVE Published:; 8 April 2025

Summary

A significant vulnerability has been identified in the SENTRON 7KT PAC1260 Data Manager, affecting all versions. The device's web interface provides an endpoint that allows the enabling of the SSH service without requiring user authentication. This presents an opportunity for unauthenticated remote attackers to gain unauthorized access to the device via SSH, potentially compromising the entire system's security. Immediate attention and remediation are necessary to protect against such unauthorized access.

Affected Version(s)

SENTRON 7KT PAC1260 Data Manager 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1876...

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Jul 22, 2024