CVE-2024-41793 HIGH

CVE-2024-41793

Vendor Siemens
Product SENTRON 7KT PAC1260 Data Manager
Weakness CWE-306 · Missing auth
Published April 8, 2025
Last update April 8, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated