Details of VAR-202504-0720

ID

VAR-202504-0720

CVE

CVE-2024-41791

TITLE

Siemens' SENTRON 7KT PAC1260 Data Manager Vulnerability related to lack of authentication for critical functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-028026

DESCRIPTION

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time. Siemens SENTRON 7KT PAC1260 Data Manager is a device used for power monitoring and energy consumption management by Siemens, Germany

Trust: 2.16

sources: NVD: CVE-2024-41791 // JVNDB: JVNDB-2024-028026 // CNVD: CNVD-2025-07812

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07812

AFFECTED PRODUCTS

vendor:	siemens	model:	7kt pac1260 data manager	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	sentron 7kt pac1260 data manager	scope:	eq	version:	sentron 7kt pac1260 data manager firmware	Trust: 0.8
vendor:	シーメンス	model:	sentron 7kt pac1260 data manager	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sentron 7kt pac1260 data manager	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	sentron 7kt pac1260 data manager	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-07812 // JVNDB: JVNDB-2024-028026 // NVD: CVE-2024-41791

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-41791
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-41791
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-41791
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-07812
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07812
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-41791
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-41791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2024-41791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-07812 // JVNDB: JVNDB-2024-028026 // NVD: CVE-2024-41791 // NVD: CVE-2024-41791

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-028026 // NVD: CVE-2024-41791

PATCH

title:

Patch for Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability (CNVD-2025-07812)

url:

https://www.cnvd.org.cn/patchInfo/show/682141

Trust: 0.6

sources: CNVD: CNVD-2025-07812

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41791	Trust: 3.2
db:	SIEMENS	id:	SSA-187636	Trust: 2.4
db:	ICS CERT	id:	ICSA-25-100-06	Trust: 0.8
db:	JVN	id:	JVNVU90506697	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-028026	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07812	Trust: 0.6

sources: CNVD: CNVD-2025-07812 // JVNDB: JVNDB-2024-028026 // NVD: CVE-2024-41791

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-187636.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu90506697/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-41791	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-06	Trust: 0.8

sources: CNVD: CNVD-2025-07812 // JVNDB: JVNDB-2024-028026 // NVD: CVE-2024-41791

SOURCES

db:	CNVD	id:	CNVD-2025-07812
db:	JVNDB	id:	JVNDB-2024-028026
db:	NVD	id:	CVE-2024-41791

LAST UPDATE DATE

2025-09-26T22:48:49.774000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07812	date:	2025-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-028026	date:	2025-09-25T06:21:00
db:	NVD	id:	CVE-2024-41791	date:	2025-09-23T16:23:13.240

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07812	date:	2025-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2024-028026	date:	2025-09-25T00:00:00
db:	NVD	id:	CVE-2024-41791	date:	2025-04-08T09:15:18.790