Details of VAR-202504-0717

ID

VAR-202504-0717

CVE

CVE-2024-41790

TITLE

Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07810)

Trust: 0.6

sources: CNVD: CNVD-2025-07810

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 1.44

sources: NVD: CVE-2024-41790 // CNVD: CNVD-2025-07810

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07810

AFFECTED PRODUCTS

vendor:

siemens

model:

sentron 7kt pac1260 data manager

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-07810

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41790
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-07810
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07810
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41790
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-07810 // NVD: CVE-2024-41790

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2024-41790

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07810)

url:

https://www.cnvd.org.cn/patchInfo/show/682131

Trust: 0.6

sources: CNVD: CNVD-2025-07810

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41790	Trust: 1.6
db:	SIEMENS	id:	SSA-187636	Trust: 1.6
db:	CNVD	id:	CNVD-2025-07810	Trust: 0.6

sources: CNVD: CNVD-2025-07810 // NVD: CVE-2024-41790

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07810 // NVD: CVE-2024-41790

SOURCES

db:	CNVD	id:	CNVD-2025-07810
db:	NVD	id:	CVE-2024-41790

LAST UPDATE DATE

2025-04-23T19:33:37.595000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07810	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2024-41790	date:	2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07810	date:	2025-04-22T00:00:00
db:	NVD	id:	CVE-2024-41790	date:	2025-04-08T09:15:18.590