Cross-Site Request Forgery Vulnerability in SENTRON 7KT PAC1260 Data Manager by Siemens
CVE-2024-41795

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sentron 7kt Pac1260 Data Manager
Vendor: CVE Published:; 8 April 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the web interface of the SENTRON 7KT PAC1260 Data Manager by Siemens. This security flaw could permit an unauthorized attacker to exploit the system by tricking a valid device administrator into clicking on a malicious link. Once executed, this attack could lead to unauthorized modifications of device settings, potentially compromising the device's functionality and integrity.

Affected Version(s)

SENTRON 7KT PAC1260 Data Manager 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1876...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Jul 22, 2024