Sign-up

ID

VAR-202504-0717


CVE

CVE-2024-41790


TITLE

Siemens'  SENTRON 7KT PAC1260 Data Manager  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-028025

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 2.16

sources: NVD: CVE-2024-41790 // JVNDB: JVNDB-2024-028025 // CNVD: CNVD-2025-07810

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07810

AFFECTED PRODUCTS

vendor:siemensmodel:7kt pac1260 data managerscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope:eqversion:sentron 7kt pac1260 data manager firmware

Trust: 0.8

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07810 // JVNDB: JVNDB-2024-028025 // NVD: CVE-2024-41790

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-41790
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2024-41790
value: HIGH

Trust: 1.0

NVD: CVE-2024-41790
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-07810
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07810
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-41790
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-41790
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-41790
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-07810 // JVNDB: JVNDB-2024-028025 // NVD: CVE-2024-41790 // NVD: CVE-2024-41790

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028025 // NVD: CVE-2024-41790

PATCH

title:Patch for Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07810)url:https://www.cnvd.org.cn/patchInfo/show/682131

Trust: 0.6

sources: CNVD: CNVD-2025-07810

EXTERNAL IDS

db:NVDid:CVE-2024-41790

Trust: 3.2

db:SIEMENSid:SSA-187636

Trust: 2.4

db:ICS CERTid:ICSA-25-100-06

Trust: 0.8

db:JVNid:JVNVU90506697

Trust: 0.8

db:JVNDBid:JVNDB-2024-028025

Trust: 0.8

db:CNVDid:CNVD-2025-07810

Trust: 0.6

sources: CNVD: CNVD-2025-07810 // JVNDB: JVNDB-2024-028025 // NVD: CVE-2024-41790

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90506697/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41790

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-06

Trust: 0.8

sources: CNVD: CNVD-2025-07810 // JVNDB: JVNDB-2024-028025 // NVD: CVE-2024-41790

SOURCES

db:CNVDid:CNVD-2025-07810
db:JVNDBid:JVNDB-2024-028025
db:NVDid:CVE-2024-41790

LAST UPDATE DATE

2025-09-26T21:27:10.576000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-07810date:2025-04-21T00:00:00
db:JVNDBid:JVNDB-2024-028025date:2025-09-25T06:19:00
db:NVDid:CVE-2024-41790date:2025-09-23T16:35:14.890

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-07810date:2025-04-22T00:00:00
db:JVNDBid:JVNDB-2024-028025date:2025-09-25T00:00:00
db:NVDid:CVE-2024-41790date:2025-04-08T09:15:18.590