Sign-up

ID

VAR-202504-0718


CVE

CVE-2024-41789


TITLE

Siemens'  SENTRON 7KT PAC1260 Data Manager  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-028289

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens' SENTRON 7KT PAC1260 Data Manager The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 2.16

sources: NVD: CVE-2024-41789 // JVNDB: JVNDB-2024-028289 // CNVD: CNVD-2025-07809

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07809

AFFECTED PRODUCTS

vendor:siemensmodel:7kt pac1260 data managerscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sentron 7kt pac1260 data managerscope:eqversion:sentron 7kt pac1260 data manager firmware

Trust: 0.8

vendor:siemensmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07809 // JVNDB: JVNDB-2024-028289 // NVD: CVE-2024-41789

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-41789
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2024-41789
value: HIGH

Trust: 1.0

NVD: CVE-2024-41789
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-07809
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07809
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-41789
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-41789
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-41789
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-07809 // JVNDB: JVNDB-2024-028289 // NVD: CVE-2024-41789 // NVD: CVE-2024-41789

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028289 // NVD: CVE-2024-41789

PATCH

title:Patch for Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07809)url:https://www.cnvd.org.cn/patchInfo/show/682126

Trust: 0.6

sources: CNVD: CNVD-2025-07809

EXTERNAL IDS

db:NVDid:CVE-2024-41789

Trust: 3.2

db:SIEMENSid:SSA-187636

Trust: 2.4

db:JVNid:JVNVU90506697

Trust: 0.8

db:ICS CERTid:ICSA-25-100-06

Trust: 0.8

db:JVNDBid:JVNDB-2024-028289

Trust: 0.8

db:CNVDid:CNVD-2025-07809

Trust: 0.6

sources: CNVD: CNVD-2025-07809 // JVNDB: JVNDB-2024-028289 // NVD: CVE-2024-41789

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu90506697/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41789

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-06

Trust: 0.8

sources: CNVD: CNVD-2025-07809 // JVNDB: JVNDB-2024-028289 // NVD: CVE-2024-41789

SOURCES

db:CNVDid:CNVD-2025-07809
db:JVNDBid:JVNDB-2024-028289
db:NVDid:CVE-2024-41789

LAST UPDATE DATE

2025-10-03T23:01:46.864000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-07809date:2025-04-21T00:00:00
db:JVNDBid:JVNDB-2024-028289date:2025-10-02T02:01:00
db:NVDid:CVE-2024-41789date:2025-09-23T16:37:39.860

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-07809date:2025-04-22T00:00:00
db:JVNDBid:JVNDB-2024-028289date:2025-10-02T00:00:00
db:NVDid:CVE-2024-41789date:2025-04-08T09:15:18.150