Vulnerability Alert: 4-Digit PIN Insufficient Protection Against Brute-Force Attacks

CVE-2024-41798

9.8CRITICAL

Key Information

Vendor
Siemens
Status
Sentron 7km Pac3200
Vendor
CVE Published:
8 October 2024

Summary

A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication.

Affected Version(s)

SENTRON 7KM PAC3200 < 0

Refferences

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.