Details of VAR-202504-0720

ID

VAR-202504-0720

CVE

CVE-2024-41791

TITLE

Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability (CNVD-2025-07812)

Trust: 0.6

sources: CNVD: CNVD-2025-07812

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 1.44

sources: NVD: CVE-2024-41791 // CNVD: CNVD-2025-07812

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07812

AFFECTED PRODUCTS

vendor:

siemens

model:

sentron 7kt pac1260 data manager

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-07812

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41791
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-07812
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07812
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41791
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-07812 // NVD: CVE-2024-41791

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.0

sources: NVD: CVE-2024-41791

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability (CNVD-2025-07812)

url:

https://www.cnvd.org.cn/patchInfo/show/682141

Trust: 0.6

sources: CNVD: CNVD-2025-07812

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41791	Trust: 1.6
db:	SIEMENS	id:	SSA-187636	Trust: 1.6
db:	CNVD	id:	CNVD-2025-07812	Trust: 0.6

sources: CNVD: CNVD-2025-07812 // NVD: CVE-2024-41791

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-187636.html

Trust: 1.6

sources: CNVD: CNVD-2025-07812 // NVD: CVE-2024-41791

SOURCES

db:	CNVD	id:	CNVD-2025-07812
db:	NVD	id:	CVE-2024-41791

LAST UPDATE DATE

2025-04-24T19:33:57.919000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07812	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2024-41791	date:	2025-04-08T18:13:53.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07812	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2024-41791	date:	2025-04-08T09:15:18.790