CVE-2024-41794
Published 2025-04-08
Priority: P271 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.59% (43.8th percentile)
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 10.0 · CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
Siemens SENTRON 7KT PAC1260 Data Manager
cisa_ics·2025-04-10·CVSS 9.1
[CRITICAL] Siemens SENTRON 7KT PAC1260 Data Manager
ICS Advisory
## Siemens SENTRON 7KT PAC1260 Data Manager
Release Date: April 10, 2025
Alert Code: ICSA-25-100-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SENTRON 7KT PAC1260 Data Manager
- Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command
GHSA
GHSA-w4wq-mmwq-2c74: A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions)
ghsa_unreviewed·2025-04-08·CVSS 7.7
CVE-2024-41794 [HIGH] CWE-798 GHSA-w4wq-mmwq-2c74: A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions)
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-08