ID

VAR-202504-0719


CVE

CVE-2024-41796


TITLE

Siemens SENTRON 7KT PAC1260 Data Manager has an unspecified vulnerability (CNVD-2025-07815)

Trust: 0.6

sources: CNVD: CNVD-2025-07815

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows the login password to be changed without knowledge of the current password. In combination with a prepared CSRF attack (CVE-2024-41795), an unauthenticated attacker may be able to set the password to an attacker-controlled value. Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy consumption management from Siemens, Germany.

Trust: 1.44

sources: NVD: CVE-2024-41796 // CNVD: CNVD-2025-07815

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07815

AFFECTED PRODUCTS

vendor: siemens
model: sentron 7kt pac1260 data manager
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-07815

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-41796
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-07815
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-07815
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-41796
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-07815 // NVD: CVE-2024-41796

PROBLEMTYPE DATA

problemtype: CWE-620

Trust: 1.0

sources: NVD: CVE-2024-41796

PATCH

title: Patch for Siemens SENTRON 7KT PAC1260 Data Manager has an unspecified vulnerability (CNVD-2025-07815)
url: https://www.cnvd.org.cn/patchInfo/show/682156

Trust: 0.6

sources: CNVD: CNVD-2025-07815

EXTERNAL IDS

db: NVD, id: CVE-2024-41796

Trust: 1.6

db: SIEMENS, id: SSA-187636

Trust: 1.6

db: CNVD, id: CNVD-2025-07815

Trust: 0.6

sources: CNVD: CNVD-2025-07815 // NVD: CVE-2024-41796

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07815 // NVD: CVE-2024-41796

SOURCES

db: CNVD, id: CNVD-2025-07815
db: NVD, id: CVE-2024-41796

LAST UPDATE DATE

2025-04-24T19:33:57.936000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-07815, date: 2025-04-21T00:00:00
db: NVD, id: CVE-2024-41796, date: 2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-07815, date: 2025-04-23T00:00:00
db: NVD, id: CVE-2024-41796, date: 2025-04-08T09:15:20.813