CVE-2024-41794 CRITICAL

CVE-2024-41794

Vendor Siemens
Product SENTRON 7KT PAC1260 Data Manager
Weakness CWE-798 · Hardcoded credentials
Published April 8, 2025
Last update April 8, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated