Web Interface Vulnerability in SENTRON Data Manager by Siemens
CVE-2024-41796
6.9 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 8 April 2025
Summary
A vulnerability exists in the web interface of the SENTRON 7KT PAC1260 Data Manager, allowing changes to login passwords without requiring the current password. This vulnerability can be exploited in conjunction with a crafted CSRF attack, enabling an unauthenticated attacker to set the password to a value of their choosing, posing a significant risk to device security.
Affected Version(s)
SENTRON 7KT PAC1260 Data Manager 0
References
CVSS V4
- Score: 6.9
- Severity: MEDIUM
- Confidentiality: None
- Integrity: High
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved