Sign-up

ID

VAR-202504-0718


CVE

CVE-2024-41789


TITLE

Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07809)

Trust: 0.6

sources: CNVD: CNVD-2025-07809

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 1.44

sources: NVD: CVE-2024-41789 // CNVD: CNVD-2025-07809

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07809

AFFECTED PRODUCTS

vendor:siemensmodel:sentron 7kt pac1260 data managerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07809

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-41789
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-07809
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07809
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-41789
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-07809 // NVD: CVE-2024-41789

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2024-41789

PATCH

title:Patch for Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07809)url:https://www.cnvd.org.cn/patchInfo/show/682126

Trust: 0.6

sources: CNVD: CNVD-2025-07809

EXTERNAL IDS

db:NVDid:CVE-2024-41789

Trust: 1.6

db:SIEMENSid:SSA-187636

Trust: 1.6

db:CNVDid:CNVD-2025-07809

Trust: 0.6

sources: CNVD: CNVD-2025-07809 // NVD: CVE-2024-41789

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07809 // NVD: CVE-2024-41789

SOURCES

db:CNVDid:CNVD-2025-07809
db:NVDid:CVE-2024-41789

LAST UPDATE DATE

2025-04-23T19:33:37.674000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-07809date:2025-04-21T00:00:00
db:NVDid:CVE-2024-41789date:2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-07809date:2025-04-22T00:00:00
db:NVDid:CVE-2024-41789date:2025-04-08T09:15:18.150