CRITICAL🇵🇱 Wersja polska

CVE-2024-41794

CVSS 10.0v4.0pub. 2025-04-08upd. 2025-09-23

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

🤖 AI Analysis
How it works

The device software contains hardcoded credentials that enable remote access via SSH protocol with root privileges. An unauthenticated attacker who obtains these credentials can gain full control over the device provided that the SSH service is active. The SSH service can be enabled, for example, by exploiting the related vulnerability CVE-2024-41793, which in practice allows chained exploitation of both flaws.

Impact

An attacker can gain full, unauthenticated remote access to the device operating system with root privileges, enabling complete device control, modification of its configuration, reading of measurement data, and potential use of the device as an entry point to the OT network.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references (https://cert-portal.siemens.com/productcert/html/ssa-187636.html). Until patches are deployed, it is recommended to disable the SSH service on devices and implement network isolation of devices in accordance with OT/ICS network security principles.

Who is affected

Siemens SENTRON 7KT PAC1260 Data Manager — all software versions

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Siemens 7kt Pac1260 Data Manager

    HW
    Siemens
    wszystkie wersje
  • Siemens 7kt Pac1260 Data Manager Firmware

    OS
    Siemens
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-41788CRITICAL9.4PL ✓ten sam produkt

Command Injection w Siemens SENTRON 7KT PAC1260 Data Manager – RCE jako root

CVE-2024-41789CRITICAL9.4PL ✓ten sam produkt

Command Injection w Siemens SENTRON 7KT PAC1260 Data Manager

CVE-2024-41790CRITICAL9.4PL ✓ten sam produkt

Command injection w Siemens SENTRON 7KT PAC1260 Data Manager — RCE jako root

CVE-2024-41792CRITICAL9.2PL ✓ten sam produkt

Path traversal w Siemens SENTRON 7KT PAC1260 Data Manager

CVE-2024-41793HIGH7.7ten sam produkt

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of a...