CVE-2024-41791 HIGH

CVE-2024-41791

Vendor Siemens
Product SENTRON 7KT PAC1260 Data Manager
Weakness CWE-306 · Missing auth
Published April 8, 2025
Last update April 8, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated